mailing list archives
Re: Regarding HDM's blog about persistent HTTPS connections
From: HD Moore <hdm () metasploit com>
Date: Wed, 14 Apr 2010 11:29:54 -0500
On 4/14/2010 11:08 AM, Terrence wrote:
Why are you encoding into a vbs rather then an exe? What are the
benefits of a vbs for persistence?
VBS is easier to obfuscate and generally manipulate at runtime. Creating
another EXE would result in another catch-22 around AV signatures, so
using a VBS is generally easier. Long-term, a completely random EXE
generator would be a better solution.