Hi,
There are many methods to bypass antivirus detection!
The best way is writing your own tools, especially using the Python language.
My question is: how do you protect yourself against PE (portable executable) files, and how do we make antivirus detect, for example, Metasploit payloads?

I would appreciate your help.

powerade661:

Hi Tony75, if you generate a regular payload using msfvenom with a reverse_TCP connection it should be detected by most antiviruses. However, it is when we use software to remove all of the bad characters that cause detection when the exe is scanned that makes it harder to detect and easier to bypass. Another way is putting junk code into the executable to avoid the AV picking it up as well. There is really no surefire way to prevent tools like Veil-Evasion or Shellter from practically making the code safe from being detected as malicious by antiviruses. However, we can stop the meterpreter session from occurring. Fortunately there is an awesome firewall that can help us with that called ZoneAlarm.
http://www.zonealarm.com/software/free-firewall/ Turn everything to high in the basic firewall settings and you are set for intrusion detection and prevention.

Antivirus companies are hiring people to create these types of viruses in hopes of putting a stop to it, but the unfortunate thing is that there are SO many methods to bypass AV, as you said, that it makes it nearly impossible to prevent these types of malware from intruding into your system and everyone else's. Hope this helps. :)

Hi,
Thanks for your answer.
By the way, what do you mean by junk code ("Another way is putting junk code into the executable to avoid the AV picking it up")?
Maybe it's more interesting!

powerade661:

Think about what a polymorphic virus is. An attacker will usually put junk code (code that really doesn't need to be there, usually malicious) into the executable upon creation. Usually the bad code or junk code is encrypted, leaving the good, safe code as the only thing the antivirus reads when it scans the executable, and it reads it as safe because it cannot detect the bad code, since it is encrypted. The reason this works is that EVERY company nowadays will encrypt their software to stop people from reverse engineering it to obtain license keys or other secret information that they would not want anyone to know about.
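As an added example (not from this thread or from either poster), here is a small Python check a defender can run over a PE file to spot the "encrypted junk code" pattern described above: it walks the DOS header, PE signature, COFF header and section table, then reports Shannon entropy per section. Encrypted or packed payload sections look like random data (close to 8 bits per byte), while ordinary compiled code sits well below that. The 7.0 threshold and the constructed sample PE (built in-line so the script runs offline) are assumptions for demonstration; legitimate compressed resources also score high, so real tooling should combine this with other signals rather than treating it as a verdict.

```python
import math
import random
import struct
from collections import Counter

# Struct layouts from the PE/COFF specification.
COFF_HEADER = struct.Struct("<HHIIIHH")          # 20 bytes
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")   # 40 bytes
PACKED_THRESHOLD = 7.0  # bits per byte; assumed heuristic cut-off, not an AV standard


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a single repeated byte, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table; return (name, size, entropy)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _machine, nsec, _ts, _symptr, _nsyms, opt_size, _chars = COFF_HEADER.unpack_from(pe, coff_off)
    table_off = coff_off + COFF_HEADER.size + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, _vsize, _vaddr, raw_size, raw_ptr, *_rest = SECTION_HEADER.unpack_from(
            pe, table_off + i * SECTION_HEADER.size)
        raw = pe[raw_ptr:raw_ptr + raw_size]  # slice is bounds-safe even if the header lies
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), len(raw), shannon_entropy(raw)))
    return sections


def flag_packed_sections(pe: bytes, threshold: float = PACKED_THRESHOLD):
    """Names of non-empty sections whose raw bytes look encrypted or compressed."""
    return [name for name, size, ent in parse_sections(pe) if size and ent >= threshold]


def build_sample_pe(section_blobs):
    """Constructed minimal PE (no optional header) used only to exercise the parser."""
    nsec = len(section_blobs)
    e_lfanew = 0x40
    headers_len = e_lfanew + 4 + COFF_HEADER.size + nsec * SECTION_HEADER.size
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = COFF_HEADER.pack(0x14C, nsec, 0, 0, 0, 0, 0x0102)  # i386, EXECUTABLE_IMAGE
    table, raw, offset = bytearray(), bytearray(), headers_len
    for i, (name, blob) in enumerate(section_blobs):
        table += SECTION_HEADER.pack(name.ljust(8, b"\0"), len(blob), 0x1000 * (i + 1),
                                     len(blob), offset, 0, 0, 0, 0, 0x60000020)
        raw += blob
        offset += len(blob)
    return bytes(dos) + b"PE\0\0" + coff + bytes(table) + bytes(raw)


# Constructed sample: a repetitive code-like section beside a pseudo-random "encrypted" blob.
CODE_BLOB = b"\x55\x8b\xec\x90" * 1024
_rng = random.Random(2024)  # seeded so the demo is deterministic
ENCRYPTED_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_PE = build_sample_pe([(b".text", CODE_BLOB), (b".pkd", ENCRYPTED_BLOB)])

if __name__ == "__main__":
    for name, size, ent in parse_sections(SAMPLE_PE):
        print(f"{name:8s} {size:6d} bytes  entropy={ent:.2f}")
    print("suspicious sections:", flag_packed_sections(SAMPLE_PE))
```

Run it against a real binary by replacing `SAMPLE_PE` with `open(path, "rb").read()`; sections flagged here deserve a closer look (unpacking in a sandbox, checking the import table), but a high-entropy `.rsrc` full of PNGs is normal and a plain-text string table is not evidence of safety.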
