Metasploit mailing list archives
Re: Bypassing AV for Java payloads
From: "HD Moore" <x () hdm io>
Date: Sat, 2 Aug 2014 00:12:20 -0500
There is no reason it can't - We even ship the JRE with the official installer, but so far nobody has built obfuscators for the Java payloads. If you do so without needing the JDK installed to rebuild each time, even better.
-HD
-----Original Message-----
From: framework [mailto:framework-bounces () spool metasploit com] On Behalf Of Pedro Ribeiro
Sent: Friday, August 1, 2014 7:02 PM
To: Metasploit List
Subject: [framework] Bypassing AV for Java payloads

Hi,

I'm testing a module that uses a Java WAR payload, and it's detected by most AVs, even a 2 year old Windows Defender installation. I know this is an arms race, but what can we do to make the Java payload harder to detect in the framework? Can it be regenerated / packed at every run? Or maybe have some kind of git hook that regenerates it at every new release?

Regards,
Pedro
_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework
Current thread:
- Bypassing AV for Java payloads Pedro Ribeiro (Aug 01)
- Re: Bypassing AV for Java payloads HD Moore (Aug 01)
- Re: Bypassing AV for Java payloads Michael Schierl (Aug 02)
- Re: Bypassing AV for Java payloads HD Moore (Aug 02)
- Re: Bypassing AV for Java payloads Michael Schierl (Aug 02)
- Re: Bypassing AV for Java payloads Michael Schierl (Aug 02)
- Re: Bypassing AV for Java payloads HD Moore (Aug 01)