Certified Evasion Techniques Professional (CETP)
In recent years, endpoint countermeasures have improved rapidly in their detection and response capabilities. It now takes significant investment by red teams to develop tradecraft and techniques that can reliably evade or bypass these countermeasures.
The Evasion Lab (Certified Evasion Techniques Professional) is designed to equip information security professionals with the expertise needed to bypass defenses in modern enterprise environments. This course delves deep into the techniques and methodologies used to bypass endpoint countermeasures such as EDRs. You will gain a comprehensive understanding of Windows internals, including the distinction between user-mode and kernel-mode components, as well as of EDR internals and how telemetry is collected.
Throughout the course, you will learn about Windows internals, reversing EDRs, bypassing Microsoft Defender for Endpoint (MDE), Elastic EDR and Sysmon, weaponizing kernel exploits for defense evasion, bypassing security controls like Protected Processes (PP), Protected Process Light (PPL), Digital Signature Enforcement (DSE) and Attack Surface Reduction (ASR) rules, incapacitating Event Tracing for Windows (ETW) telemetry, and a lot more.
The Evasion Lab is ideal for security practitioners, red teamers and malware developers who want to gain an edge in their assessments. With detailed lab exercises and video walkthroughs, the course offers a unique opportunity to experiment with writing custom rootkits, exploiting kernel vulnerabilities and blinding endpoint countermeasures. This course is not just about learning new techniques; it’s about understanding the inner workings of defensive technologies so that you can outsmart them in any scenario.
What's Included
- Access to a lab environment (one, two or three months) with updated Server 2022 machines. The lab can be accessed using a web browser or VPN.
- A ready-to-use student VM in the cloud with all the tools pre-installed.
- Lifetime access to all the learning material (including course updates).
- 14+ hours of video course content.
- Course slides.
- Lab manual.
- Walk-through videos.
- One Certification Exam attempt for Certified Evasion Techniques Professional (CETP) certification.
- Support on email and Discord.
What will you Learn?
The Evasion Lab enables you to:
- Bypass EDRs like Microsoft Defender for Endpoint (MDE) and Elastic EDR.
- Dive into Windows internals and understand the user-mode and kernel-mode components.
- Reverse-engineer EDR solutions to understand their telemetry collection.
- Weaponize kernel exploits to evade defenses.
- Write rootkits for evasion purposes.
- Hunt for vulnerable drivers usable for EDR killing.
- Bypass static detection with obfuscators and code virtualization.
- Bypass multiple security controls like PP/PPL, DSE, ASR, UAC and more.
- Bypass network restrictions.
- Prevent EDR alerts from being reported.
- Gain insights into disabling or blinding Sysmon.
Prerequisites for the course
- Ability to use command line tools.
- Understanding of the Windows API is a plus, but it will be covered in the class.
- Basic programming knowledge in C and Python is a plus, but the relevant code will be covered in the class.