REVIEW: RED TEAM Operator: Windows Evasion Course by SEKTOR7 Institute

This is my review of the RED TEAM Operator: Windows Evasion course offered by SEKTOR7 Institute. As an affiliate, I make money with qualifying purchases.

RED TEAM Operator: Windows Evasion is an intermediate/advanced course that outlines several techniques which can be used to subvert security software (EDR, AntiVirus, Logging, …) on Windows systems.

I was really excited when this course was announced because I work with EDR software a lot at work. Learning about how my tools may be broken is something I have a vested interest in.

Overall I enjoyed this course. It exposes you to the basics of defense evasion on Windows systems, but by no means was this a comprehensive course on the subject. This is not a knock on the course’s quality. Evasion is a deep subject. A comprehensive course would be rather large.

You will acquire a basic understanding of how malicious software evades detection. After I finished this course, I feel that I have a better understanding of evasion and a solid foundation of knowledge to build off of.

I would recommend this course to anyone with a desire to learn the basics of evading defensive software on Windows systems who already possesses intermediate to advanced programming abilities. If you do not like programming, or are very new to programming, you will probably have a hard time understanding the content.

The provided code examples are written in C and interface with the Windows API.

Prerequisite Knowledge

This course’s author recommends having the following prerequisite knowledge prior to attempting this course:

  • Recommended: taking the Malware Development Essentials and Malware Development Intermediate courses. These can be skipped if you are already comfortable with most of the topics outlined in those courses' descriptions.
  • C/C++ programming knowledge, specifically on Windows operating systems. You don’t have to be a master.

As I worked through the course, I made bookmarks of all of the supplemental material I read. I made this word map based on the tags I used for each bookmark. I feel that if you are familiar with most of these topics, you should be able to follow along without any major setbacks:

win32 antivirus minifilter threads ppid spoofing codesigning pentesting sandbox execute-assembly carbonblack etw clispoofing COM EDR hooking unhooking sysmon hashing shellcode hunting authenticode debugger .NET C# fltmc msatp handles amsi WMI threathunting nativeapi hexeditor malware services eventlogs registry syscalls processes

Hardware Requirements

  • 4 GB of RAM
  • 30 GB of free disk space
  • VirtualBox 6.0+

What’s Included

  • An 18.4 GB Windows virtual machine with all of the tools required to follow along with this course pre-installed
  • A zip file containing example code
  • ~3.5 hours of on-demand video content
  • 4 assignments

The Good

This course is unique. I don’t know of any other generally available courses that cover the same material. If you know of any, I would love to see them.

I feel that the cost of $239 was reasonable. I have attended workshops which cost more and did not cover as much.

The material was interesting and easy for me to follow along with.

The speaker spoke clearly and succinctly. I was able to understand the audio clearly at 1.75x speed.

I didn’t feel that any of the lessons were too short or unnecessarily long.

The assignments were relevant. I felt that they were not overly simple or too hard.

The code examples were well-written.

Contacting Customer Support was very fast and easy (automated for my particular issue).

The Bad

The videos are streaming only. I assume this is to prevent piracy and provide a richer experience, but I appreciate being able to view videos or listen to audio offline.

I had to contact support due to an issue with the code example zip file being corrupted. There were instructions on the download page to email them if you were affected. Within about a minute of emailing support, I received an automated email with a download link. This issue will almost certainly be fixed by the time you take this course, but it was slightly annoying.

The code examples had minor issues with whitespace and a couple of typos. This wasn’t a huge deal, but all the trailing whitespace really stood out in my editor.

I bookmarked all of the sites I visited while taking this course on my Pinboard account with the tag “rtoevasion”. Here they are in alphabetical order:
