# Deceiving Defender

- [Deceiving Defender: Making nc.exe viable again](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-making-nc.exe-viable-again.md): nc.exe is a powerful utility that allows for cross-platform connections. Many modern antivirus definitions detect nc.exe and prevent its use for Red Team operations
- [Deceiving Defender: Classic Bypass](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-classic-bypass.md): A practical workflow for bypassing Windows Defender disk detection using ThreatCheck, Ghidra, and Cpp
- [Deceiving Defender: Name Bypass](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-name-bypass.md): A simple name checking technique that bypasses Windows Defender protections on Windows 11 and Windows 10
- [Deceiving Defender: The Texas Two Step](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-texas-two-step.md): Utilizing a novel high-level methodology to bypass the increased protections of Windows Defender on Windows 11 systems in order to make mimikatz.exe viable again
- [Deceiving Defender: The Big Stack Bypass](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-big-stack-bypass.md): Defeating Windows Defender detection on Windows 10 by creating a large (>2MB) payload allocated on the stack
- [Making Meterpreter Viable Again](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-the-big-stack-bypass/making-meterpreter-viable-again.md): In this demonstration of the Big Stack Bypass, we take one of the most signatured payloads in offensive security and successfully bypass Windows Defender and other AV engines
- [Deceiving Defender: Meterpreter](https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender/deceiving-defender-meterpreter.md): Demonstrating manual manipulation of a meterpreter payload in order to bypass Windows Defender


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://steve-s.gitbook.io/0xtriboulet/archive/notice/deceiving-defender.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.