THREATHUNTING ACADEMY
EVASION

Bypassing Microsoft Defender for Endpoint (MDE) with 9 year old UAC bypass technique (FODHelper.exe)
1. FOREWORD When I started building the Threathunting Academy Evasion course, I spent quite a lot of time researching how MDA (Microsoft Defender AV) and MDE (Microsoft's EDR solution) detection actually works, and how to bypass their logic. How exactly do they detect a malicious payload? How much of it is signatures, how much of it is heuristics, how much of it is machine learning? What are the main indicators they look at? How do they detect obfuscated payloads? How do t
luks71
Mar 9 · 7 min read