## Recommended Read / Watch

- https://www.vx-underground.org/archive.html
- https://www.vx-underground.org/windows.html
- https://doxygen.reactos.org/index.html
- https://www.hexacorn.com/
- https://modexp.wordpress.com/
- https://klezvirus.github.io/
- https://zerosum0x0.blogspot.com/
- https://www.binarly.io/posts/index.html
- https://0xdarkvortex.dev/blogs/
- https://cocomelonc.github.io/
- https://pre.empt.blog/
- https://www.x86matthew.com/
- https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter
- https://www.youtube.com/@OALABS

## Books

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection

### Windows Native API Programming
https://leanpub.com/windowsnativeapiprogramming

### Tutorial Series AV/EDR Evasion | Malware Development Part 1 - 4
https://medium.com/@0xHossam/av-edr-evasion-malware-development-933e50f47af5

### Malware development part 1 - N
https://0xpat.github.io/Malware_development_part_1/

### X-Bypassing Bypassing Image Load Kernel Callbacks
https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/

### Shhmon — Silencing Sysmon via Driver Unload (Sysmon Evasion, MiniFilter Driver Loading/Unloading, Sysmon Events)
https://posts.specterops.io/shhmon-silencing-sysmon-via-driver-unload-682b5be57650

### FireWalker: A New Approach to Generically Bypass User-Space EDR Hooking
https://www.mdsec.co.uk/2020/08/firewalker-a-new-approach-to-generically-bypass-user-space-edr-hooking/

### Silencing Cylance: A Case Study in Modern EDRs (Various in-memory techniques to bypass Cylance, IMAGE_DEBUG_DIRECTORY PowerShell PDB info, Office macro)
https://www.mdsec.co.uk/2019/03/silencing-cylance-a-case-study-in-modern-edrs/

### The dying knight in the shiny armour (Bypass Windows Defender by redirecting an NT symbolic link and driver sideloading)
https://aptw.tf/2021/08/21/killing-defender.html

### Bypass EDR’s memory protection, introduction to hooking
https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6

### Bypassing Cylance and other AVs/EDRs by Unhooking Windows APIs
https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis

### Adventures in Dynamic Evasion
https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa

### Bypassing Cortex XDR
https://mrd0x.com/cortex-xdr-analysis-and-bypass/

### Lets Create An EDR… And Bypass It! Part 1
https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/

### Lets Create An EDR… And Bypass It! Part 2
https://ethicalchaos.dev/2020/06/14/lets-create-an-edr-and-bypass-it-part-2/

### Bypassing VirtualBox Process Hardening on Windows
https://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html

### AVOIDING GET-INJECTEDTHREAD FOR INTERNAL THREAD CREATION (_beginthread, _beginthreadex)
https://www.trustedsec.com/blog/avoiding-get-injectedthread-for-internal-thread-creation/