Metasploit mailing list archives

Re: Shikata_ga_nai evasion...


From: "Menerick, John" <jmenerick () netsuite com>
Date: Tue, 16 Mar 2010 11:57:20 -0700

Try changing the name of the file to some reserved filename such as (PRN, AUX, CON, LPT1, LPT2, COM1, COM2, NUL, 
CLOCK).exe. That will get you past the poorly developed AV programs.


John Menerick
http://www.securesql.info


On Mar 14, 2010, at 12:37 PM, 5.K1dd wrote:

AVs are tuned to pick up metasploit payloads.  Shikata_ga_nai is the
default and reverse_tcp is a common payload, so lots of AVs will have
defs for that.  The exploit is irrelevant btw.  So either change to
another encoding scheme or pick another payload that is less common.

Or put in a feature request to have shikata_ga_nai tweaked for AV
evasion. :)

5.K1dd
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
