# Deceiving Defender

- [Deceiving Defender: Making nc.exe viable again](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-making-nc.exe-viable-again.md): nc.exe is a powerful utility that allows for cross-platform connections, but many modern antivirus definitions detect nc.exe and prevent its use for Red Team operations
- [Deceiving Defender: Classic Bypass](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-classic-bypass.md): A practical workflow for bypassing Windows Defender disk detection using ThreatCheck, Ghidra, and Cpp
- [Deceiving Defender: Name Bypass](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-name-bypass.md): A simple name checking technique that bypasses Windows Defender protections on Windows 11 and Windows 10
- [Deceiving Defender: The Texas Two Step](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-texas-two-step.md): Utilizing a novel high-level methodology to bypass the increased protections of Windows Defender on Windows 11 systems in order to make mimikatz.exe viable again
- [Deceiving Defender: The Big Stack Bypass](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-big-stack-bypass.md): Defeating Windows Defender detection on Windows 10 by creating a large (>2MB) payload allocated on the stack
- [Making Meterpreter Viable Again](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-big-stack-bypass/making-meterpreter-viable-again.md): In this demonstration of the Big Stack Bypass, we take one of the most signatured payloads in offensive security and successfully bypass Windows Defender and other AV engines
- [Deceiving Defender: Meterpreter](/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-meterpreter.md): Demonstrating manual manipulation of a meterpreter payload in order to bypass Windows Defender
