Description:
In this video we will look at how to convert Metasploit payloads into EXEs which are undetectable by antivirus products. We will use the Metasploit framework to create these EXEs. The entire process boils down to 2 simple steps: first, use Msfpayload to convert the payload into raw format; second, use Msfencode to encode this payload to avoid detection and convert it into an EXE. Both steps are demonstrated in this video. The author then demonstrates how a fully updated version of AVG is unable to detect this newly created EXE.
Thanks to Amit Malik a.k.a. DouBle Zer0 Zer0 for submitting this video to SecurityTube. For those of you who are interested in understanding more about antivirus evasion techniques using Metasploit, I would highly recommend reading the paper "Effectiveness of Antivirus in Detecting Metasploit Payloads" by Mark Baggett from the SANS Institute.
Tags: tools
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments:
Thank you for posting this video. AV avoidance is a topic a lot of people struggle with. Here is an article I wrote that hopefully explains it clearly.
http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm/
hihi