Package/Scramble Core Impact Agents

[paul at pauldotcom.com (Paul Asadoorian)]

On 3/18/10 11:54 AM, Rob Fuller wrote:
> Wait.. a software you pay for gets caught by AV? 

To be fair, Core does not market their product as "Use IMPACT to bypass
AV all the time!".  In fact, at times they may actually bypass 98% of
the AV out there, but then AV vendors update sigs and techniques and
catch them, then Core may update the agent, etc...  In my experience,
Core bypasses most of the AV out there, but nothing something like
msfpayload or upx can't fix ;)

Cheers,
Paul

> By itself or are you
> always binding it and the binder is triggering AV?
>
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
> Ignore this:
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
>
>
>
>
> On Thu, Mar 18, 2010 at 11:05 AM, Brian Judd <bjudd at synercomm.com> wrote:
> > Does anyone know of a good packager/installer that can get a Core Impact
> > agent past AV detection?  I used NSIS in the past, but it seems to be
> > getting caught now.  Thanks!
> >
> >
> >
> > Brian Judd
> >
> > This message (including any attachments) may contain confidential
> > information and is intended only for the individual to which it is
> > addressed. If you are not the intended recipient, please delete this message
> > and contact the sender. You are also hereby notified that any review,
> > disclosure, copying, or distribution of this message, or the taking of any
> > action based on it, is prohibited.
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552