Anti Virus Evasion Techniques

Recently I’ve been playing around with various methods for evading Anti Virus, when deploying a payload to a victim, either through Metasploit or other means.

It seems the AV vendors are targeting the standard Metasploit methods of encoding payloads, so we have to be a bit more devious to get the payload onto our victim.

What I’m not going to do, though, is give you direct AV avoidance commands. I have not put any of these payloads through Virus Total – that’s up to you. I’m just trying to show you how it is possible, and you should experiment on your own systems and not someone else’s – after all, it is illegal.

There are a few avenues I’m gonna explore in this post, from standard Metasploit encoding through multi-encoding payloads and IExpress.

Cool New Metasploit Script

This script is the best reason NOT to use the AutoFill function in web browsers, even Google Chrome. Its new AutoFill function has the ability to store credit card numbers; the info is encrypted, but that is still not good enough for me.

This meterpreter script just proves my paranoia.

Read the post here

Edit 13/10/2010

This script is now included in Metasploit as of svn update 10663.