> For the complete documentation index, see [llms.txt](https://kwcsec.gitbook.io/the-red-team-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion.md).

# Defense Evasion

- [Binary Properties and Code Signing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/binary-properties-and-code-signing.md)
- [ATA/ATP](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp.md)
- [Important Note](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/note.md)
- [Intro](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/intro.md)
- [Lateral Movement](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/lateral-movement.md)
- [Domain Dominance](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/domain-dominance.md)
- [Identification](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/identifying.md)
- [Recon](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/recon.md)
- [Blocking/Disabling Telemetry](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry.md)
- [Trusted Installer](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry/trusted-installer.md)
- [Tips and Tricks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/tips-and-tricks.md)
- [Basics](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics.md)
- [IOCs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/iocs.md)
- [High Level Overview of EDR technologies](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/iocs/high-level-overview-of-edr-technologies.md)
- [Sandbox Evasion](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/sandbox-evasion.md)
- [Obfuscating Imports](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports.md)
- [Bootstrapping](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports/bootstrapping.md)
- [Encrypting Strings](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/encrypting-strings.md)
- [Disabling/Patching Telemetry](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry.md)
- [ETW Bypasses](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/etw-bypasses.md)
- [AMSI Bypasses](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/amsi-bypasses.md)
- [Minimization](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization.md)
- [Commands to Avoid](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/commands-to-avoid.md)
- [Pivoting](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/pivoting.md)
- [Benefits of Using APIs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/benefits-of-using-apis.md)
- [Thread-less Payload Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/thread-less-payload-execution.md)
- [DLL Hollowing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/module-stomping.md)
- [Misdirection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection.md)
- [Command Line Argument Spoofing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing.md)
- [PPID Spoofing via CreateProcess](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/ppid-spoofing-via-createprocess.md)
- [Switching Parents](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents.md)
- [Dechaining via WMI](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents/ppid-spoofing-via-wmi.md)
- [Hiding our Payloads](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads.md)
- [Event Logs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/event-logs.md)
- [File metadata](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/file-metadata.md)
- [Registry Keys](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/registry-keys.md)
- [ADS](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/ads.md)
- [IPC For Evasion and Control](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ipc-for-sandbox-evasion-and-organization.md)
