This covers the full spectrum of endpoint detection evasion: unhooking ntdll to remove userland hooks, direct and indirect syscalls to bypass monitored APIs, PPID spoofing to blend into legitimate process trees, and patching AMSI and ETW to blind telemetry. The source material is thorough, with actual C and assembly snippets for techniques like mapping clean ntdll from KnownDlls, resolving syscall numbers with HellsGate, and implementing sleep masking to encrypt beacon memory during idle periods. Use this when you're developing implants that need to survive modern EDR or testing your own detection stack. The skill also covers process injection variants ranked by stealth level, from basic CreateRemoteThread to threadless injection that avoids spawning new threads entirely. One honest take: this is pure red team tradecraft, so context matters.
npx -y skills add hypnguyen1209/offensive-claude --skill edr-evasion --agent claude-code

Installs into .claude/skills of the current project.