PaulDotCom mailing list archives

Package/Scramble Core Impact Agents


From: bjudd at synercomm.com (Brian Judd)
Date: Fri, 19 Mar 2010 08:34:22 -0500

Wow, you've had success with PEScrambler and Core's agent?  I've tried
PEScrambler several times and it creates a new executable, but it doesn't
work.  I am not familiar with UPX or the ability to use Metasploit's
msfpayload with Core's agent.  Have you done this before?  Any tips or
tricks that you could share?  I guess I will try PEScrambler again also.

Brian Judd
------------------------------

Message: 8
Date: Thu, 18 Mar 2010 13:02:54 -0400
From: Paul Asadoorian <paul at pauldotcom.com>
Subject: Re: [Pauldotcom] Package/Scramble Core Impact Agents
To: PaulDotCom Security Weekly Mailing List
        <pauldotcom at mail.pauldotcom.com>
Message-ID: <4BA25CBE.3070809 at pauldotcom.com>
Content-Type: text/plain; charset=ISO-8859-1

Ah yes, pe-scrambler works really well too, I've used it with great
success.

If all else fails, a VBscript payload in a Word doc is effective.

Cheers,
Paul

On 3/18/10 12:07 PM, Daniel Holiday wrote:
Would pescrambler work for this?

http://www.rnicrosoft.net/



On Thu, Mar 18, 2010 at 9:05 AM, Brian Judd <bjudd at synercomm.com> wrote:

    Does anyone know of a good packager/installer that can get a Core
    Impact agent past AV detection?  I used NSIS in the past, but it
    seems to be getting caught now.  Thanks!

     

    Brian Judd

    _______________________________________________
    Pauldotcom mailing list
    Pauldotcom at mail.pauldotcom.com
<mailto:Pauldotcom at mail.pauldotcom.com>
    http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    Main Web Site: http://pauldotcom.com





-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552

