Penetration Testing mailing list archives
Re: hiding netcat from AV
From: Ramiro <rgmz () gmx net>
Date: Mon, 04 Aug 2008 19:54:20 -0300
I saw earlier the video Chris refers to. It's an interesting demonstration. But it's not aimed at bypassing an AV with "online" or resident protection, apparently. Anyway, it's a nice alternative for bypassing mail servers with AV protection.

Greetings,
Ramiro

Hey Jim, you might be interested in one of the recent ShmooCon presentations. In the presentation, the presenter demonstrates exactly how to modify an already compiled exe to bypass signature-based AV detection using assembly XOR encoding and decoding. The video is located here: http://www.shmoocon.org/2008/videos/ It's called backtrack demo. The site appears to be down right now though... Odd.

On Wed, Jul 30, 2008 at 2:35 PM, James Kelly <macubergeek () comcast net> wrote:

Hi

I'm researching the various ways to hide netcat from AV.
The most success I've found is with an idea I got from the new Syngress netcat book: basically, add a commented-out text block near the top of netcat.c and recompile.
I tried this with about 20 lines of random hex and uploaded it to www.virustotal.com with great success.

Has anyone had success with exe encryptors? I've tried telock and it seems to have little effect on AV detectability.

Jim

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------