# Defense Evasion

- [Applying a ReflectiveDLLInjection Variant](/defense-evasion/reflectivedllinjection-variation.md)
- [Implementing Execute-Assembly](/defense-evasion/cobaltstrike-executeassembly-realization.md)
- [ShadowMove: Reproduction and Reflections](/defense-evasion/shadowmove-emersion-and-think.md)
- [Loading a Second Ntdll to Bypass Hooks](/defense-evasion/load-ntdll-too.md)
- [Compile-Time Obfuscation of Strings & Function Calls](/defense-evasion/compile-time-obfuscation.md)
- [EventLog Bypass Based on Thread Termination](/defense-evasion/fuck-eventlog.md)
- [Dynamically Obtaining System Call (syscall) Numbers](/defense-evasion/dynamic-get-syscallid.md)
- [AMSI Bypass Based on Memory Patching](/defense-evasion/memory-pacth-bypass-amsi.md)
- [AMSI Bypass Based on API Hooking and DLL Injection](/defense-evasion/apihook-and-dllinjection-bypass-amsi.md)
- [ETW Bypass Based on Memory Patching](/defense-evasion/memory-pacth-bypass-etw.md)
- [DLL Hiding Based on Unlinking](/defense-evasion/unlink-module-hide.md)
- [AV Bypass Based on HEX String Execution](/defense-evasion/hex-execute.md): hex-strings-execute
- [Implementing the CobaltStrike Argue Command](/defense-evasion/cobaltstrike-argue.md)
- [Simple Separation-Based AV Evasion](/defense-evasion/simple-separate-bypassav.md)
- [Spoofing the PPID to Evade Detection](/defense-evasion/fake-ppid.md): fake-PPID
- [Spoofing the Command Line to Evade Detection](/defense-evasion/fake-commandline.md)
- [AV Evasion by Rewriting ring3 API Functions](/defense-evasion/overwrite-winapi-bypassav.md)
- [Compiling Without an Import Table via Dynamic Calls](/defense-evasion/avtive-call-api.md): recompiling open-source code to bypass antivirus software
- [Registry-Based Virtual Machine Detection](/defense-evasion/rregistry-check-virtualmachine.md)
- [Using Antivirus Software to Delete Arbitrary Files](/defense-evasion/using-antivirus-to-delete-files.md)
- [Bypassing AV by Reversing Strings](/defense-evasion/reverse-strings-bypass-av.md)
- [Reloading the .text Section to Unhook](/defense-evasion/reload-ntdll-.text-section.md)
- [x64 Translation Layer & Cross-Bitness Process Injection](/defense-evasion/wow64-and-cross-bit-process-injection.md)
