Metasploit mailing list archives

Re: Bypassing AV for Java payloads


From: "HD Moore" <x () hdm io>
Date: Sat, 2 Aug 2014 00:12:20 -0500

There is no reason it can't. We even ship the JRE with the official installer, but so far nobody has built obfuscators
for the Java payloads. If you do so without needing the JDK installed to rebuild each time, even better.

-HD

-----Original Message-----
From: framework [mailto:framework-bounces () spool metasploit com] On Behalf Of Pedro Ribeiro
Sent: Friday, August 1, 2014 7:02 PM
To: Metasploit List
Subject: [framework] Bypassing AV for Java payloads

Hi,

I'm testing a module that uses a Java WAR payload, and it's detected
by most AVs, even a 2-year-old Windows Defender installation.

I know this is an arms race, but what can we do to make the Java
payload harder to detect in the framework? Can it be regenerated /
packed at every run? Or maybe have some kind of git hook that
regenerates it at every new release?

Regards,
Pedro
_______________________________________________
https://dev.metasploit.com/mailman/listinfo/framework
