Current State of the Art (2025)

The offensive security landscape is evolving rapidly. Understanding current trends helps you build relevant, future-proof skills:

Trend 1: EDR Evasion is the New Normal

THE SHIFT:
2010-2015: Evading antivirus = basic obfuscation
2015-2020: AV → EDR, techniques got more complex
2020-2025: EDR everywhere, evasion is core skill

CURRENT TECHNIQUES:
• Direct syscalls (bypass userland hooks)
• Unhooking ntdll.dll
• BYOVD (Bring Your Own Vulnerable Driver)
• Process injection without suspicious API calls
• Sleeping techniques (Ekko, Zilean)
• Hardware breakpoints for execution

MODULES COVERING THIS:
• Module 2: Direct/Indirect Syscalls
• Module 6: Evasion & Obfuscation
• Module 13: Packing, Crypting, and Protection

Trend 2: Living Off the Land (LOLBins) 2.0

EVOLUTION:
Phase 1: PowerShell, WMI, native Windows tools
Phase 2: Defenders got wise, added telemetry (AMSI, ETW)
Phase 3: Now using lesser-known LOLBins and creative abuse

EXAMPLES:
• MSBuild.exe for code execution
• InstallUtil.exe for persistence
• RegAsm.exe / RegSvcs.exe for execution
• BITSAdmin for file transfer
• Dllhost.exe COM hijacking

WHY IT MATTERS:
• Signed by Microsoft = trusted
• Already on system = no IOC from download
• Defenders slower to detect creative abuse

THIS COURSE:
• Module 7: Persistence Mechanisms
• Module 9: Hooking & Interception (COM abuse)

Trend 3: Supply Chain and Initial Access Focus

OBSERVATION:
• Post-exploitation tools are mature
• Initial access is the hard part now
• Supply chain attacks increasing

TECHNIQUES:
• DLL sideloading with legitimate software
• Package manager poisoning (PyPI, npm, NuGet)
• Trusted process abuse
• Code signing certificate theft/abuse
• Installer manipulation

RELEVANCE:
While this course focuses on post-exploitation, understanding
initial access helps you design better overall operations.

Trend 4: Cloud and Container Post-Exploitation

NEW TARGETS:
• Kubernetes clusters
• Docker containers
• AWS/Azure/GCP environments
• Serverless functions

TECHNIQUES:
• Container escape
• Cloud credential theft (IMDS abuse)
• Kubernetes API abuse
• Lambda/Function persistence
• Cloud storage enumeration

FUTURE MODULE POTENTIAL:
This course focuses on Windows, but Go's cross-platform
nature means techniques transfer to Linux containers.

Trend 5: AI/ML in Offensive Security

CURRENT APPLICATIONS:
• Large language models for social engineering
• Automated vulnerability discovery
• Evasion technique generation
• Phishing content generation
• Log/detection evasion

EXAMPLE:
Using LLMs to generate polymorphic code variants that
bypass static signatures while maintaining functionality.

CAUTION:
AI is a tool, not a replacement for understanding fundamentals.
This course teaches you the fundamentals first.

What’s Coming Next (2025-2030 Predictions)

Based on current trajectories:

1. Kernel-Mode Operations Will Become Standard

WHY:
• Userland heavily monitored (EDR hooks everywhere)
• Kernel callbacks detect userland evasion
• PPL (Protected Process Light) blocking userland attacks

TECHNIQUES:
• BYOVD will evolve
• Direct kernel object manipulation
• Kernel shellcode execution
• Hypervisor-level rootkits (for research)

THIS COURSE:
Module 14 covers kernel interaction fundamentals

2. Hardware-Based Evasion

EMERGING AREAS:
• CPU cache attacks (Spectre-like side channels)
• Hardware breakpoint abuse for stealthy execution
• DMA (Direct Memory Access) attacks
• Firmware implants (UEFI/BIOS level)

RELEVANCE:
Software-only evasion may not be enough soon.
Understanding hardware helps future-proof your skills.

3. Quantum-Safe Cryptography in C2

DRIVER:
Quantum computing threatens current encryption

IMPACT:
• Post-quantum algorithms for C2 channels
• Larger key sizes, different primitives
• Performance considerations

TIMING:
Not urgent yet, but starting to appear in requirements

4. Zero-Trust Architecture Challenges

DEFENSIVE TREND:
Organizations implementing Zero Trust (verify everything)

OFFENSIVE RESPONSE:
• Token theft becomes more valuable
• Living-off-the-land even more important
• Lateral movement gets harder
• Need to operate within assumed breach model

IMPLICATION:
Quality over quantity - each compromise must count

Skills That Will Always Matter

Despite changing trends, core skills remain valuable:

TIMELESS SKILLS:
✓ Understanding operating system internals
✓ Assembly language and low-level concepts
✓ Network protocols and communication
✓ Cryptography fundamentals
✓ Software development best practices
✓ Reverse engineering ability
✓ Critical thinking and problem-solving

TRENDS MAY CHANGE, FUNDAMENTALS DON'T.
This course teaches you fundamentals using Go as the vehicle.

|TOC| |PREV| |NEXT|