Author Topic: Bypassing AntiVirus Scanner  (Read 5272 times)


Axon (VIP)
Bypassing AntiVirus Scanner
« on: March 29, 2012, 09:08:44 pm »
Anti-virus manufacturers nowadays implement more and more complex functions and algorithms in order to detect the latest and newest viruses along with their variants. There are, however, simple methods that can be used to bypass most of these, especially those that don't use heuristics and similar techniques at all.




Exon
Re: Bypassing AntiVirus Scanner
« Reply #1 on: April 23, 2012, 03:26:17 pm »
This method will only fool the stupidest of AVs, but thanks for posting nonetheless, was an interesting read.

Kulverstukas (Administrator)
Re: Bypassing AntiVirus Scanner
« Reply #2 on: April 23, 2012, 03:58:23 pm »
lol, I have this paper lying on my desktop for a year probably... still haven't read it, but I'm always hoping I will one day :D

Exon
Re: Bypassing AntiVirus Scanner
« Reply #3 on: April 23, 2012, 07:26:31 pm »
I wonder if you could fool AVs if you use a really complex custom encoder, or if they'd still detect it...

jibudada
Re: Bypassing AntiVirus Scanner
« Reply #4 on: May 21, 2012, 12:21:13 pm »
There are a number of encoders in Metasploit. Some of them are really great in performance.

Quote
root@bt:~# msfencode -l

Framework Encoders
==================

    Name                    Rank       Description
    ----                    ----       -----------
    cmd/generic_sh          good       Generic Shell Variable Substitution Command Encoder
    cmd/ifs                 low        Generic ${IFS} Substitution Command Encoder
    cmd/printf_php_mq       manual     printf(1) via PHP magic_quotes Utility Command Encoder
    generic/none            normal     The "none" Encoder
    mipsbe/longxor          normal     XOR Encoder
    mipsle/longxor          normal     XOR Encoder
    php/base64              great      PHP Base64 encoder
    ppc/longxor             normal     PPC LongXOR Encoder
    ppc/longxor_tag         normal     PPC LongXOR Encoder
    sparc/longxor_tag       normal     SPARC DWORD XOR Encoder
    x64/xor                 normal     XOR Encoder
    x86/alpha_mixed         low        Alpha2 Alphanumeric Mixedcase Encoder
    x86/alpha_upper         low        Alpha2 Alphanumeric Uppercase Encoder
    x86/avoid_utf8_tolower  manual     Avoid UTF8/tolower
    x86/call4_dword_xor     normal     Call+4 Dword XOR Encoder
    x86/context_cpuid       manual     CPUID-based Context Keyed Payload Encoder
    x86/context_stat        manual     stat(2)-based Context Keyed Payload Encoder
    x86/context_time        manual     time(2)-based Context Keyed Payload Encoder
    x86/countdown           normal     Single-byte XOR Countdown Encoder
    x86/fnstenv_mov         normal     Variable-length Fnstenv/mov Dword XOR Encoder
    x86/jmp_call_additive   normal     Jump/Call XOR Additive Feedback Encoder
    x86/nonalpha            low        Non-Alpha Encoder
    x86/nonupper            low        Non-Upper Encoder
    x86/shikata_ga_nai      excellent  Polymorphic XOR Additive Feedback Encoder
    x86/single_static_bit   manual     Single Static Bit
    x86/unicode_mixed       manual     Alpha2 Alphanumeric Unicode Mixedcase Encoder
    x86/unicode_upper       manual     Alpha2 Alphanumeric Unicode Uppercase Encoder

You can bypass antivirus using these encoders.
You can also visit http://www.securitytube.net/groups?operation=view&groupId=10 for details.
« Last Edit: May 07, 2013, 08:10:18 am by Kulverstukas »
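The posts above talk about "simple methods" that beat signature-only scanners, and about msfencode's XOR encoders (x86/shikata_ga_nai is the "Polymorphic XOR Additive Feedback Encoder" in the list). The following is an added example, not code from this thread and not Metasploit's own encoder: a toy XOR additive-feedback encoder in the same spirit, plus a toy byte-signature scanner, to show what such encoding hides from a purely static scanner and what it does not. Everything in it is constructed for illustration: the payload is a stand-in byte string, not shellcode; the "decoder stub" is a fixed ASCII marker carrying the key, not x86 code; the signature database is made up.

```python
"""Toy XOR additive-feedback encoder and toy signature scanner (added example).

Constructed for illustration only: PAYLOAD is not shellcode, STUB_MARKER is not
a real decoder stub, and SIGNATURES is a made-up signature database.
"""
import os
import struct

# Constructed stand-in for shellcode (NOT real machine code).
PAYLOAD = b"\x90" * 8 + b"CONSTRUCTED-PAYLOAD-BYTES" + b"\xcc" * 4

# Constructed "decoder stub": a real encoder emits x86 code here that holds the
# key and decodes the body in place. This toy just stores a marker plus the key.
STUB_MARKER = b"<TOY-DECODER-STUB>"

# Constructed signature database: one pattern for the plain payload, one for
# the (fixed) decoder stub.
SIGNATURES = {
    "payload_sig": b"PAYLOAD-BYTES",
    "stub_sig": b"DECODER-STUB",
}


def _u32(buf, off):
    """Little-endian dword at offset."""
    return struct.unpack_from("<I", buf, off)[0]


def xor_additive_encode(payload, key):
    """XOR each dword with a running key; after each dword the key is advanced
    by adding the *encoded* dword (additive feedback), so every dword after the
    first is XORed with a different value and two keys give two unrelated blobs."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    k = key & 0xFFFFFFFF
    out = bytearray()
    for off in range(0, len(padded), 4):
        enc = _u32(padded, off) ^ k
        out += struct.pack("<I", enc)
        k = (k + enc) & 0xFFFFFFFF
    return bytes(out)


def xor_additive_decode(blob, key, length):
    """Inverse of xor_additive_encode. The decoder only ever sees encoded
    dwords, and those drive the key schedule, so it can mirror the encoder."""
    k = key & 0xFFFFFFFF
    out = bytearray()
    for off in range(0, len(blob), 4):
        enc = _u32(blob, off)
        out += struct.pack("<I", enc ^ k)
        k = (k + enc) & 0xFFFFFFFF
    return bytes(out[:length])


def build_sample(key):
    """What lands on disk: stub (marker + key) followed by the encoded body."""
    return STUB_MARKER + struct.pack("<I", key) + xor_additive_encode(PAYLOAD, key)


def scan(data):
    """Toy static scanner: names of signatures that occur verbatim in the bytes."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def scan_with_emulation(sample):
    """Toy 'emulating' scanner: run the decoder first, then scan the plaintext
    as well as the raw file. This is what the static-only scanner misses."""
    key = _u32(sample, len(STUB_MARKER))
    encoded = sample[len(STUB_MARKER) + 4:]
    decoded = xor_additive_decode(encoded, key, len(PAYLOAD))
    return sorted(set(scan(sample)) | set(scan(decoded)))


def random_key():
    return _u32(os.urandom(4), 0)


if __name__ == "__main__":
    k1, k2 = random_key(), random_key()
    s1, s2 = build_sample(k1), build_sample(k2)
    print("plain payload, static scan:  ", scan(PAYLOAD))           # ['payload_sig']
    print("encoded sample, static scan: ", scan(s1))                # ['stub_sig']
    print("encoded sample, emulated:    ", scan_with_emulation(s1))  # both
    print("different keys, different bodies:", s1 != s2)
```

Three things to take from it. The payload signature vanishes from the encoded body, and re-encoding with a fresh key gives a different blob every time, which is the whole of the "bypass" the thread is describing. The decoder stub does not vanish, so a scanner that carries a signature for the stub still fires; the real shikata_ga_nai varies its stub as well, which this toy deliberately does not. And a scanner that emulates the decoder before scanning sees the original bytes again, which is why this only fools engines that do no emulation or heuristics, as the first reply in the thread says.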

Axon (VIP)
Re: Bypassing AntiVirus Scanner
« Reply #5 on: May 21, 2012, 01:10:17 pm »
Quote
There are a number of encoders in Metasploit. Some of them are really great in performance. [...]


