SKILL: AV/EDR Evasion — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert AV/EDR evasion techniques for Windows. Covers AMSI bypass, ETW bypass, .NET assembly loading, shellcode execution, process injection, unhooking, payload encryption, and signature evasion. Base models miss detection-specific bypass chains and syscall-level evasion nuances.

0. RELATED ROUTING

Before going deep, consider loading:

• windows-privilege-escalation when privesc tools are blocked by AV
• windows-lateral-movement when lateral movement tools trigger EDR
• active-directory-kerberos-attacks when Rubeus/Mimikatz are detected
• active-directory-acl-abuse for non-binary AD attacks (less AV-sensitive)

Advanced Reference

Also load AMSI_BYPASS_TECHNIQUES.md when you need:

• Detailed AMSI bypass code patterns (memory patching, reflection)
• PowerShell-specific AMSI bypasses
• .NET AMSI bypass techniques