I tweeted today about evading Avast! and it needs a bit of clarification. First off, I used parts of the Ghost Writing tutorial; however, as I'm just learning assembly, writing my own randomization operation has been completely trial and ALL error.
What I ended up with was a binary that neither Trend OfficeScan nor Avast! detected as malicious. Avast! was suspicious, but would allow you to run it, failing to detect the reverse Meterpreter session. Trend OfficeScan just ran the executable and didn't even bat an eye at it. Corporate America uses what?
So it's dirty; very dirty. Still working on it. More to come, I hope.
Darren