Metasploit mailing list archives

Re: shellcodeexec to bypass AV ?


From: "Willard Dawson" <wfdawson () bellsouth net>
Date: Sun, 17 Apr 2011 07:52:35 -0400

Any thoughts on this one?  Along similar lines as shellcodeexec, I assume.

 

http://www.exploit-db.com/download_pdf/14662/
https://sites.google.com/site/mamit30/home/injector

 

 

From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of HD Moore
Sent: Saturday, April 16, 2011 12:14 AM
To: framework () spool metasploit com
Subject: Re: [framework] shellcodeexec to bypass AV ?

 

On 4/15/2011 8:15 PM, HD Moore wrote:
On 4/14/2011 3:15 PM, Houcem HACHICHA wrote:

The author claims that the script makes Meterpreter bypass AV (better
than Msfencode).

If this is true, can this be implemented in MSF ?

I apologize for the previous grammar - what I get for writing a reply on
the way out the door.  Regarding AV evasion, it's only something worth
merging into the SVN tree if it involves a technique that the user
controls. Anything static results in an immediate signature, courtesy of
our AV friends. We would happily accept patches for AV evasion that
involve the user specifying some unique EXE or file that results in a
different signature per user. Adding the same technique for all users
generally just delays the problem by 3 days :)

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework 
