Evasion Engineering: Building Custom Red Team Tools for Modern Defenses
Provisional Chinese title: 逃避工程:為現代防禦構建自訂紅隊工具
Authors: Dennis Chow, Michael LaSalvia
- Publisher: No Starch Press
- Publication date: 2026-07-07
- Price: $2,130
- Member price: 5% off, $2,023
- Language: English
- Pages: 256
- Binding: Quality Paper - also called trade paper
- ISBN: 1718505043
- ISBN-13: 9781718505049
Related categories:
Metasploit
Not yet released; cannot be ordered.
Product description
If your tooling is public, it's already known. Defenders have studied every public offensive framework. They know Cobalt Strike's beacon patterns, Metasploit's shellcode signatures, and the behavioral fingerprints of every commodity implant. Once it's known, the tool gets burned. As a red teamer, your job is to get in. When defenders know your tools, they know your moves, and you don't get in.

Evasion Engineering teaches you to build custom offensive tooling in Go by understanding what modern defenses actually target and building around them. You'll construct network enumerators, C2 implants, lateral movement tools, obfuscated loaders, and covert exfiltration channels. Each chapter then flips the perspective: the same techniques, examined from the detection side. Build the tool. Understand how it gets caught. Build better.

Dennis Chow (GIAC Security Expert #288) and Michael LaSalvia bring 36 combined years of experience inside Fortune 500 red team programs. They treat payload development as an engineering discipline: robustness, reusability, and reliability built in from the start, not bolted on after the fact.

You'll learn to:
- Build enumeration tools that don't match known signatures
- Develop C2 implants with custom protocols that bypass network inspection
- Implement lateral movement via autonomous worm mechanics
- Create hybrid-packed payloads that defeat AV and EDR
- Exfiltrate data through covert channels under active monitoring
- Map every technique to its detection surface and validate your results
If you've been relying on tools the defender already knows, this book is where that changes. Requires Go 1.21.x or higher and Python 3.x.
About the authors
Dennis Chow has worked in penetration testing, cloud security, and detection engineering across Amazon Web Services, UKG, and multiple Fortune 500 companies and US government agencies. He holds the GIAC Security Expert (GSE) certification.

Michael LaSalvia has more than two decades of experience in offensive security and red teaming. Currently a manager of adversarial simulation at Protiviti, he has built and led red team programs for global enterprises including Fidelity National Financial, KPMG, Pfizer, and GSK.