Penetration Testing mailing list archives

Re: hiding netcat from AV

From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Thu, 31 Jul 2008 15:00:11 +0300

Hi.

I've recompiled the sources using mingw (gcc). This hides it from Kaspersky.

2008/7/31 James Kelly <macubergeek () comcast net>:

Hi
I'm researching the various ways to hide netcat from AV

The most success I've found is with an idea I got from the new Syngress
netcat book.
basicly add a commented out text block near the top of netcat.c and
recompile
I tried this with about 20 lines of random hex and uploaded it to
www.virustotal.com with great success.

Has anyone had success with exe encryptors? I've tried telock  and it seems
to have little effect on AV detectability.

Jim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes inSecuring Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

hiding netcat from AV James Kelly (Jul 30)
- Re: hiding netcat from AV Paul Melson (Jul 30)
- RE: hiding netcat from AV Roni Bachar (Jul 31)
- Re: hiding netcat from AV Gleb Paharenko (Jul 31)
- Re: hiding netcat from AV Chris (Jul 31)