Shellcode Evasion in 2025: What Still Works (and What Doesn’t) #60

In this episode of The Hacker’s Cache, Kyser Clark sits down with Red Team Consultant Robert O’Connor to unpack the realities of shellcode evasion in 2025. They dive into how antivirus and EDR solutions actually detect malicious payloads, the rise of fileless malware, and why network-level detection is still overlooked. Robert shares his hands-on experience building custom evasion techniques, his transition from pentesting to red teaming, and how certifications like CRTO and OSED fit into the bigger picture. Whether you’re a pentester, red teamer, or just curious about modern adversary simulation, this conversation reveals what still works, what doesn’t, and where the field is heading.

Connect with Robert O’Connor on LinkedIn:   / robert-o-connor-16634a164  

Follow Robert on Twitter: https://x.com/Eternal_NOP

Join this channel to get access to perks:
   / @kyserclark  

As a cybersecurity professional with over seven years of experience, I focus on strengthening digital assets against ever-changing cyber threats. I specialize in penetration testing, ethical hacking, red teaming, and offensive security. I excel at uncovering and addressing vulnerabilities in networks and web applications.

My mission is to make cyberspace better & safer for everyone by committing to lifelong learning, sharing knowledge with the community, and inspiring others to do the same.

Credentials:

• 7+ Years Cybersecurity Experience

• BS & MS in Cybersecurity Management and Policy from UMGC.

• 17 certifications including OSCP, OSWA, CISSP, PWPA, eJPT, OSWP, SAL1, SecurityX, PenTest+, CEH, CySA+, CCNA, Cyber Ops-A, Cloud+, Linux+, Security+, and Network+.

• Pwned 100+ HTB machines and mastered 200+ THM rooms, securing top leaderboard rankings on both platforms.

• United States Air Force Veteran

Time Stamps
---------------------------------------------------
0:00 - Introduction
5:47 - Web App Pentesting
7:48 - Will Internal Pentesting Become a Niche Specialty?
11:24 - Security Mad Libs
16:47 - False Job Descriptions?
18:06 - CRTO Relevance
21:57 - Why Get OSED?
26:15 - Avoiding Detection: EDR vs. AV
31:40 - Most Interesting Ways to Compromise AD
35:24 - Bold Prediction for the Future of the Field


Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://podcast.KyserClark.com
  / kyserclark  
  / kyserclark  
https://www.instagram/KyserClark
  / cyberkyser  
  / kyserclark_cybersecurity  
  / kyserclark  
https://kick.com/kyserclark-cybersecu...
  / discord  
https://streamlabs.com/kyserclark_cyb...

Tags
---------------------------------------------------
#Cybersecurity #infosec #informationsecurity #datasecurity #cybersecurityexpert #cybersecurityexperts #cybersecuritytips #cybersecuritytraining #hacking #hacking_pro #hacker #hackers #ethicalhacking #ethicalhacker #hackerman #hacked #penetrationtesters #penetrationtesting #pentesting #pentesting #pentesting #pentester #redteam #redteaming #offensivesecurity #security #technology #tech #IT #informationtechnology #Cyber #computerscience #LearnShareInspire #KyserClark #Kyser #shellcode #malware #EDR #ActiveDirectory #OSED

Music
---------------------------------------------------
All music featured in this video is by Karl Casey @ White Bat Audio.

Disclaimer
---------------------------------------------------
Attention viewers: This video is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

The postings on this site are my own and may not represent the positions of my employer.