A practical, detection-aware guide to designing and building custom red team tools that survive in modern enterprise environments. Red Team Toolcraft teaches offensive and defensive security professionals how to reason about tooling behavior through the lens of SIEMs, EDRs, and logging pipelines, and how to use that insight to build bespoke tools engineered for evasion rather than convenience.

Modern enterprises are saturated with telemetry. Endpoint agents, centralized logging, behavioral analytics, and automated detections have made off-the-shelf red team tools increasingly brittle and predictable.
Most red team tools fail not because they’re buggy, but because they behave in ways detection systems are designed to notice. Red Team Toolcraft teaches readers how to think, design, and build differently.
Instead of showing how to run popular frameworks, this book focuses on how offensive tools actually behave in monitored environments and why that behavior so often gives them away. The authors walk readers through the foundations of detection-aware tool design, explaining how payload structure, execution flow, and environmental interaction influence visibility across modern detection stacks.
Each chapter centers on modular, adaptable examples that show not just what works, but why it works. Readers learn how small design decisions surface in logs, alerts, and behavioral analytics, and how thoughtful toolcraft can reduce detection while still achieving realistic adversary objectives.
The result is a field-ready reference for red teamers who need to build their own tools when public ones fail, and for detection engineers and threat hunters who want a clearer view of how advanced operators design tooling to evade automated defenses.
If your tooling is public, it’s already known.
Defenders have studied every public offensive framework. They know Cobalt Strike’s beacon patterns, Metasploit’s shellcode signatures, and the behavioral fingerprints of every commodity implant. Once it’s known, the tool gets burned.
As a red teamer, your job is to get in. When defenders know your tools, they know your moves—and you don’t get in. Evasion Engineering teaches you to build custom offensive tooling in Go by understanding what modern defenses actually target and building around them.
You’ll construct network enumerators, C2 implants, lateral movement tools, obfuscated loaders, and covert exfiltration channels. Each chapter then flips the perspective: the same techniques, examined from the detection side. Build the tool. Understand how it gets caught. Build better.
Dennis Chow (GIAC Security Expert #288) and Michael LaSalvia bring 36 combined years of experience inside Fortune 500 red team programs. They treat payload development as an engineering discipline: robustness, reusability, and reliability built in from the start, not bolted on after the fact.
You’ll learn to:
- Build enumeration tools that don’t match known signatures
- Develop C2 implants with custom protocols that bypass network inspection
- Implement lateral movement via autonomous worm mechanics
- Create hybrid-packed payloads that defeat AV and EDR
- Exfiltrate data through covert channels under active monitoring
- Map every technique to its detection surface and validate your results
If you’ve been relying on tools the defender already knows, this book is where that changes.
Requires Go 1.21.x and higher and Python 3.x.