[ELS-TUT] Evading Antiviruses with msfencode

[Armando 155]

New video available in our Youtube channel!

Here you can see the difference between using staged and non staged shellcodes from a functional point of view and under the perspective of a pentester who wants to evade AV's. Then we dive into msfencode and its usage to bypass AV's.

Congrats to matugm for his great job.

Please rate this video and show your immense gratitude to matugm

[ps_2700 0]

Such an excellent tutorial!! Thanks matugm for this illustration.

I have a question, is it possible to camouflage a payload to be 100% undetected by using an in-house encoding rather than public encoding engines? How difficult?

[matugm 64]

Yes,it is possible to get 100% from all well-know AV using a private encoding engine but I would say 99% just in case because some might still flag it via heuristics,if you want to try for yourself find some underground forum where some of those encoders are regularly posted,just take care when playing with this kind of stuff an do it on a VM also you want to check that the payload still works because the encoding process can break it,but if you wanna get an idea on how this works take a look at this video.

"I piss on your AV" (offensive security)

You can even try to reproduce this if you are comfortable with ollydbg,but I can already tell you this technique won't work with most of today AVs (I tried it myself,even with some variations)

[typeOne 1]

thanks for the Shmoocon Presentation link, watching now ...