Metasploit mailing list archives

Re: shellcodeexec to bypass AV ?

From: HD Moore <hdm () metasploit com>
Date: Fri, 15 Apr 2011 23:14:29 -0500

On 4/15/2011 8:15 PM, HD Moore wrote:

On 4/14/2011 3:15 PM, Houcem HACHICHA wrote:


The author claims that the script makes Meterpreter bypass AV (better
than Msfencode).

If this is true, can this be implemented in MSF ?


I apologize for the previous grammar - what I get for writing a reply on
the way out the door.  Regarding AV evasion, its only something worth
merging into the SVN tree if it involves a technique that the user
controls. Anything static results in an immediate signature, courtesy of
our AV friends. We would happily accept patches for AV evasion that
involve the user specifying some unique EXE or file that results in a
different signature per user. Adding the same technique for all users
generally just delays the problem by 3 days :)

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

shellcodeexec to bypass AV ? Houcem HACHICHA (Apr 14)
- Re: shellcodeexec to bypass AV ? John B (Apr 15)
- Re: shellcodeexec to bypass AV ? HD Moore (Apr 15)
  - Re: shellcodeexec to bypass AV ? HD Moore (Apr 15)
    - Re: shellcodeexec to bypass AV ? Willard Dawson (Apr 17)
    - Re: shellcodeexec to bypass AV ? HD Moore (Apr 17)