Penetration Testing mailing list archives

RE: hiding netcat from AV

From: Roni Bachar <roni () avnet co il>
Date: Thu, 31 Jul 2008 11:53:52 +0300

Hi James,

Usually packers or hex editing will do the trick you just need to find a good one and test it with your antivirus 
program

Roni Bachar
Avnet Penetration team manager
www.avnet.co.il




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of James Kelly
Sent: Thursday, July 31, 2008 12:35 AM
To: pen-test () securityfocus com
Subject: hiding netcat from AV

Hi
I'm researching the various ways to hide netcat from AV

The most success I've found is with an idea I got from the new
Syngress netcat book.
basicly add a commented out text block near the top of netcat.c and
recompile
I tried this with about 20 lines of random hex and uploaded it to www.virustotal.com
  with great success.

Has anyone had success with exe encryptors? I've tried telock  and it
seems to have little effect on AV detectability.

Jim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

hiding netcat from AV James Kelly (Jul 30)
- Re: hiding netcat from AV Paul Melson (Jul 30)
- RE: hiding netcat from AV Roni Bachar (Jul 31)
- Re: hiding netcat from AV Gleb Paharenko (Jul 31)
- Re: hiding netcat from AV Chris (Jul 31)