This is a technical reference for bypassing Windows antivirus and EDR during security assessments. It covers AMSI and ETW patching, in-memory .NET assembly loading, shellcode execution via callback APIs, and process injection techniques ranging from the classic CreateRemoteThread to stealthier methods like Early Bird APC and transacted hollowing. The unhooking section is solid, walking through direct syscalls with SysWhispers, fresh ntdll copying, and indirect syscall patterns. You'd load this when your tooling is getting flagged and you need specific bypass chains. The skill pairs well with privilege escalation and lateral movement skills since those often trigger detections. It's dense and assumes you understand Windows internals, so this isn't a beginner resource.
npx skills add https://github.com/yaklang/hack-skills --skill windows-av-evasion