Metasploit mailing list archives
Re: shellcodeexec to bypass AV ?
From: "Willard Dawson" <wfdawson () bellsouth net>
Date: Sun, 17 Apr 2011 07:52:35 -0400
Any thoughts on this one? Along similar lines as shellcodeexec, I assume.

http://www.exploit-db.com/download_pdf/14662/
https://sites.google.com/site/mamit30/home/injector

From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of HD Moore
Sent: Saturday, April 16, 2011 12:14 AM
To: framework () spool metasploit com
Subject: Re: [framework] shellcodeexec to bypass AV ?

On 4/15/2011 8:15 PM, HD Moore wrote:
On 4/14/2011 3:15 PM, Houcem HACHICHA wrote:
The author claims that the script makes Meterpreter bypass AV (better than Msfencode). If this is true, can this be implemented in MSF?

I apologize for the previous grammar - what I get for writing a reply on the way out the door.

Regarding AV evasion, it's only something worth merging into the SVN tree if it involves a technique that the user controls. Anything static results in an immediate signature, courtesy of our AV friends. We would happily accept patches for AV evasion that involve the user specifying some unique EXE or file that results in a different signature per user. Adding the same technique for all users generally just delays the problem by 3 days :)

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- shellcodeexec to bypass AV ? Houcem HACHICHA (Apr 14)
- Re: shellcodeexec to bypass AV ? John B (Apr 15)
- Re: shellcodeexec to bypass AV ? HD Moore (Apr 15)
- Re: shellcodeexec to bypass AV ? HD Moore (Apr 15)
- Re: shellcodeexec to bypass AV ? Willard Dawson (Apr 17)
- Re: shellcodeexec to bypass AV ? HD Moore (Apr 17)
- Re: shellcodeexec to bypass AV ? HD Moore (Apr 15)