Metasploit mailing list archives

Video Bypassing AntiVirus with Metasploit


From: arcsighter at gmail.com (ArcSighter Elite)
Date: Thu, 15 Jan 2009 16:08:36 -0500

Thierry Zoller wrote:
> Dear Ronald Jr.,
>
> RLRJ> Umm. You missed the feature part. Every time it generates an
> RLRJ> executable it will have new sigs  ;)
> I doubt it, I very well understood it, I meant sigs for the stub,
> unless it's metamorph which I highly suspect and even then.
>
> You are accustomed to what is usually called "cryptor/packer" I assume ?
>
> Anyways let's see


All antivirus had been successfully bypassed by what's called Binary
Runtime Encryption/Executable Loading, there are many public tools
available and these are eventually detected by AVs through reactive
methods.

Exception to these are KAV and BitDefender who implement different
proactive methods that detect this memory stuff.

But private tools aren't and they're relatively easy to code.

Also I was doing some research with a mixture of encryption and
reflective PE loading.

Sincerely.