Metasploit mailing list archives
Re: against EMET?
From: HD Moore <hdm () metasploit com>
Date: Wed, 01 Feb 2012 10:31:20 -0600
On 2/1/2012 8:06 AM, Stephen Haywood wrote:
Is the stager typically caught by the AV because it gets written to disk but the payload doesn't get caught because it is in memory? If that is the case, then learning how to write custom stagers is a good skill to have for bypassing AV right?
The stager is used for both EXE generation and normal payloads (in-memory). AV detection is usually due to the EXE generator's output template hitting known signatures or the mechanics of the stager being detected encoded on disk (but the former is much more common). Getting some experience writing custom payloads of any type (whether its a stager, stage, or single in metasploit terms) will help with HIPS, IDS, and AV evasion. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- against EMET? Jun Koi (Jan 30)
- Re: against EMET? HD Moore (Jan 31)
- Re: against EMET? Stephen Haywood (Feb 01)
- Re: against EMET? HD Moore (Feb 01)
- Re: against EMET? Chip (Feb 01)
- Re: against EMET? Joshua Smith (Feb 01)
- Re: against EMET? Joshua Smith (Feb 01)
- Re: against EMET? Stephen Haywood (Feb 01)
- Re: against EMET? HD Moore (Jan 31)
- <Possible follow-ups>
- Fwd: against EMET? Joshua Smith (Feb 02)