Evasion Engineering: Building Custom Red Team Tools for Modern Defenses

If your tooling is public, it’s already known.

Defenders have studied every public offensive framework. They know Cobalt Strike’s beacon patterns, Metasploit’s shellcode signatures, and the behavioral fingerprints of every commodity implant. Once it’s known, the tool gets burned.

As a red teamer, your job is to get in. When defenders know your tools, they know your moves—and you don’t get in. Evasion Engineering teaches you to build custom offensive tooling in Go by understanding what modern defenses actually target and building around them.

You’ll construct network enumerators, C2 implants, lateral movement tools, obfuscated loaders, and covert exfiltration channels. Each chapter then flips the perspective: the same techniques, examined from the detection side. Build the tool. Understand how it gets caught. Build better.

Dennis Chow (GIAC Security Expert #288) and Michael LaSalvia bring 36 combined years of experience inside Fortune 500 red team programs. They treat payload development as an engineering discipline: robustness, reusability, and reliability built in from the start, not bolted on after the fact.

You’ll learn to

Build enumeration tools that don’t match known signatures
Develop C2 implants with custom protocols that bypass network inspection
Implement lateral movement via autonomous worm mechanics
Create hybrid-packed payloads that defeat AV and EDR
Exfiltrate data through covert channels under active monitoring
Map every technique to its detection surface and validate your results

If you’ve been relying on tools the defender already knows, this book is where that changes.

Requires Go 1.21.x and higher and Python 3.x