Windows Evasion Course
Course Overview
Welcome to the Windows Evasion Course! This self-paced course is designed to give you hands-on expertise in bypassing modern Windows security controls, equipping you with the tools and techniques used in advanced adversary simulation and red teaming.
Whether you're a red team operator, security researcher, or aspiring penetration tester, this course provides practical knowledge for evading defensive solutions like Microsoft Defender, AMSI, and EDRs in real-world environments. The course covers topics such as:
Combining in-depth technical training with hands-on labs, this course ensures you build a strong foundation in Windows Evasion, preparing you for more advanced red team engagements and adversary emulation work.
Prerequisites:
Course Curriculum
Windows Evasion Course
68 Learning Materials
Module 1: Introduction
Introduction
Course Agenda
About Windows Evasion Bootcamp
Module 2: Lab Setup
Introduction
Lab Machines
Setting up the Development Environment
Setting up Windows Test Machine and Networking
Lab Resources
Module 3: AVs and EDRs
Fundamentals
Windows Defender
Anti Malware Scanning Interface
Module 4: Programming Basics
Programming Primers
Win32 API
Processes and Threads
Kill Another Process
Kill Notepad.exe
Emulating AMSI – Associated Win32 API Calls and linking amsi.lib
Emulating AMSI – Writing Code
Emulating AMSI – Testing and Debugging
Emulating AMSI – EICAR
Module 5: PowerShell and Dotnet
Dotnet
PowerShell
Constrained Language Mode
AppLocker
LOLBas and MSBuild
dnSpy
Fileless Execution
Module 6: Payload Obfuscation
Introduction
Yara
Overcoming Yara
Invisibility Cloak
ConfuserEx
Invoke-Obfuscation
Pipelines
Module 7: Bypassing Windows Defender
OverView
Checking Progress
SafetyKatz
Cloud Delivered Protection and In-Memory Execution
Invoke-Mimikatz
Module 8: Endpoint Detection and Response
Introduction
API Hooking - Theory
API Hooking – Assembly Primer
API Hooking Practical – Understanding the Code
API Hooking Practical – Debugging (x86)
API Hooking Practical – Assignments
Event Tracing for Windows
ETW Bypass
Module 9: Setting up EDR Labs
Elastic Defend
Sophos
Module 10: How is EDR Evasion Carried out?
How is EDR Evasion Carried out?
Module 11: Playing around with Elastic EDR
Refining Old Methodology (Dotnet Assemblies)
Exploring Elastic Rules
Trying to masquerade lsass and Bifurcating Attacks.
Further Improvements – Powershell and Dotnet.
DCSync Refresher
DCSync as a Domain Admin
DCSync – New Computer Account
DCSync – Memory Forensics on the DC
DCSync – Calculating and using Hashes
OPSec Safety
Golden Ticket Attack
White Noise
Module 12: Wrapping Up
How is EDR Evasion carried out ?
Firewall Rules
Keeping up with the Defenders
CWEP Exam
Module 13: Course Resources
Windows Evasion Course PPT
Lab Resources
Training Instructor
Siddharth Johri
Security Consultant
Siddharth Johri is a cybersecurity professional skilled in Network Pentesting, AD Security, and Red Teaming, with a focus on uncovering vulnerabilities while evading detection and defenses.
Key Takeaways
- Lifetime access to all course materials and resources.
- Development of home lab to practice evasion techniques in a safe environment.
- Private Discord community for support, discussion, and networking with peers and instructors.
- One attempt at the Certified Windows Evasion Practitioner Exam (CWEP) included.
- Develop stealthy execution strategies for evading modern endpoint detection solutions.
Get Certified (CWEP)
Master the fundamentals of evading modern Windows defenses with the Certified Windows Evasion Practitioner (CWEP) certification — a self-paced, hands-on program designed to build your foundation in stealth tactics and bypass techniques. You’ll learn core concepts like Win32 API usage and AMSI emulation before progressing to PowerShell and .NET obfuscation, Defender evasion, and stealth payload execution. The course also covers endpoint defense mechanisms, including EDR internals, API hooking, and ETW evasion. Through practical labs using Elastic EDR, you’ll gain real-world experience performing low-noise operations like DCSync and blending activity into live environments. Earning the CWEP certification proves your ability to bypass modern security controls and prepares you for advanced adversary simulation and red teaming roles.
FAQs
While prior Malware Development experience will be advantageous, this course does not require a malware development pre-requisite. However, basic knowledge about cybersecurity and attacking Windows and Active Directory Infrastructure is assumed.
You will gain hands-on experience with Elastic EDR, PowerShell, .NET, AMSI, and Windows APIs. Labs are designed to simulate real-world environments and use open-source EDR tools for detection and evasion.
All participants will have access to course materials and recorded sessions for lifetime.
Yes, participants who pass the exam will receive a CWEP certificate, validating their newfound skills in Windows evasion techniques and red teaming.
Training Partners
Ready to Master the Art of Pentesting?
Affordable Price
Unlock your potential with affordable upskilling! Our unbeatable course prices are your chance to level up without breaking the bank. Don't wait to enhance your skills – join us today and take the first step towards a brighter future!
Group Discount
Upskill your team with our hands-on Web Application Hacking Bootcamp and master real-world vulnerabilities.
5-9 Participants: 15% off
10+ Participants:20% off
Contact us at training@redfoxsec.com.
Certificate of Completion
Upon completing our course, you'll receive a certificate of completion to showcase your new skills. Add it to your resume or LinkedIn profile to stand out to potential employers. Let your accomplishments speak for themselves and take your career to the next level!
Hands-On Experience
Get hands-on experience with real-world scenarios and challenges, giving you practical skills that you can apply immediately in your career.
Expert Instructors
Learn from industry experts with years of experience in pentesting, who are passionate about sharing their knowledge and helping you succeed.
Flexible Learning
Whether you're a beginner or an experienced professional, our courses are designed to meet you where you are and help you reach your goals.
Get in Touch
Have a question, need assistance, or want to collaborate? We’re here to help!
Whether you're looking for cutting-edge cybersecurity solutions or expert training or want to learn more about our services, contact us today.
By clicking on Continue, I accept the Terms & Conditions,
Privacy Policy & Refund Policy