Talk

Level Up Your Malware: A Practical Journey Into EDR Evasion

conf 21.11.2025 14:55 – 15:10 La Marive EN

Every aspiring penetration tester has encountered this moment: you download a tool from GitHub, execute it, and within seconds, it’s flagged, quarantined, or outright blocked by an Endpoint Detection and Response (EDR) solution. This talk explores what separates a typical script user from a skilled adversary: the ability to adapt, build, and iterate. Our goal is to demystify the entry point into malware development by walking through a real-world learning process focused on evading modern EDR technologies. We’ll start by demonstrating the limitations of well-known tools like Mimikatz and Cobalt Strike when used in default configurations. From there, we’ll explore the impact of simple obfuscation techniques using frameworks like Avet, and explain why these approaches often fail against modern EDRs that recognize and signature the obfuscators themselves. The heart of the talk centers on building a custom shellcode loader and modifying it through trial and error to eliminate detectable Indicators of Compromise (IoCs). Through live examples and a structured methodology, attendees will learn how to identify detection points, debug EDR responses, and refine tooling to slip past defenses. By the end, participants will walk away with a solid foundation in malware development and a roadmap to begin crafting their own evasion tools.