New Skill Forged: Evading EDR

Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems by Matt Hand. 280 pages.

Windows EDR internals from kernel callbacks to AMSI — how sensors work, what they see, and the architectural principles behind robust detection engineering. Required reading for both detection engineers and red teamers.

What this skill teaches Claude to do:

  • Describe EDR architecture: agent, sensors, telemetry, and detection engine
  • Explain function-hooking DLLs: how ntdll patching provides API visibility
  • Explain kernel callback sensors: PsSetCreateProcessNotifyRoutine, ObRegisterCallbacks
  • …and 7 more

Browse the full skill at /skills/evading-edr


Forged from 4,939 books. Auto-generated by the Skill Forge pipeline.