Metasploit mailing list archives
Re: Shikata_ga_nai evasion...
From: John Biondolillo <johnb.electric () gmail com>
Date: Thu, 18 Mar 2010 10:38:02 -0400
I've been able to bypass AVs by writing my own loader, not my own template file but actually a small program that injects shellcode into memory. So I use msfpayload to output to C, then copy the shellcode into my own loader and compile, and I'm AV free.

The other thing you should watch out for is that, unless the online scanner has an option to not submit the sample, once you upload something it is submitted to the AV vendors and then they will create signatures for it, so I don't upload anything I want to keep undetected.

So to review, the only way to be 100% undetected is to write your own stuff. Using something that's out there in the public will never be 100% undetectable. The best skill I've ever learned is programming; you don't need to be an expert, but with a little knowledge you don't have to rely on other people to make undetectable tools, you can make your own.

John