# Defense Evasion

* [AV Bypass with Metasploit Templates and Custom Binaries](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/av-bypass-with-metasploit-templates-and-custom-binaries)
* [Evading Windows Defender with 1 Byte Change](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/evading-windows-defender-with-1-byte-change)
* [Bypassing Windows Defender: One TCP Socket Away From Meterpreter and Beacon Sessions](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/bypassing-windows-defender-one-tcp-socket-away-from-meterpreter-and-beacon-sessions)
* [Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis)
* [Windows API Hashing in Malware](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/windows-api-hashing-in-malware)
* [Detecting Hooked Syscalls](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/detecting-hooked-syscalls)
* [Calling Syscalls Directly from Visual Studio to Bypass AVs/EDRs](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/calling-syscalls-directly-from-visual-studio-to-bypass-avs-edrs)
* [Retrieving ntdll Syscall Stubs from Disk at Run-time](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/retrieving-ntdll-syscall-stubs-from-disk-at-run-time)
* [Full DLL Unhooking with C++](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/full-dll-unhooking-with-c++)
* [Enumerating RWX Protected Memory Regions for Code Injection](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/enumerating-rwx-protected-memory-regions-for-code-injection)
* [Disabling Windows Event Logs by Suspending EventLog Service Threads](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/disabling-windows-event-logs-by-suspending-eventlog-service-threads)
* [Obfuscated Powershell Invocations](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/obfuscated-powershell-invocations)
* [Masquerading Processes in Userland via \_PEB](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/masquerading-processes-in-userland-via-_peb)
* [Commandline Obfuscation](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/commandline-obfusaction)
* [File Smuggling with HTML and JavaScript](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/file-smuggling-with-html-and-javascript)
* [Timestomping](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/timestomping)
* [Alternate Data Streams](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/alternate-data-streams)
* [Hidden Files](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/hidden-files)
* [Encode/Decode Data with Certutil](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/encode-decode-data-with-certutil)
* [Downloading Files with Certutil](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/downloading-files-with-certutil)
* [Packed Binaries](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/packed-binaries)
* [Unloading Sysmon Driver](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/unloading-sysmon-driver)
* [Bypassing IDS Signatures with Simple Reverse Shells](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/bypassing-ids-signatures-with-simple-reverse-shells)
* [Preventing 3rd Party DLLs from Injecting into your Malware](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-malware)
* [ProcessDynamicCodePolicy: Arbitrary Code Guard (ACG)](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/processdynamiccodepolicy-arbitrary-code-guard-acg)
* [Parent Process ID (PPID) Spoofing](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/parent-process-id-ppid-spoofing)
* [Executing C# Assemblies from Jscript and wscript with DotNetT](https://hamcodes.gitbook.io/hackersnotes/offensive-security/defense-evasion/executing-c-assemblies-from-jscript-and-wscript-with-dotnettojscript)
