mailing list archives
Re: Yet another AV bypassing question
From: Jason Hawks <jason.hawks0 () gmail com>
Date: Sun, 26 Jun 2011 23:08:42 +0200
Thank you very much for your answers.
I wrote my own template and it did it. At least, I was able to use
java_signed_applet + meterpreter and bypass McAfee and Symantec EP.
I will try with other AV vendors as soon as I can.
2011/6/24 Jason Hawks <jason.hawks0 () gmail com>:
As many of you, I'm trying to bypass my AV but I'm not lucky with the
metasploit encoders anymore.
My Question is simple (but I don't know about the answer yet).
Does modifying and recompiling meterpreter source code (with spread
dummy instructions and a lot of try-and-error attempt) could help me ?
or the main problem is not in meterpreter DLL but somewhere else ?
Actually I got a try modifying the source code of meterpreter (using
Visual Studio Express), but it didn't change anything. Therefore, I'm
wondering if it's just a matter of tries or if I'm wasting my time.
Am I looking in the right direction ?
For information, I'm playing with McAfee 8.X right now.
Thank you very much for your lights. Any other tips are welcome.