Home page logo

metasploit logo Metasploit mailing list archives

Re: shellcodeexec to bypass AV ?
From: "Willard Dawson" <wfdawson () bellsouth net>
Date: Sun, 17 Apr 2011 07:52:35 -0400

Any thoughts on this one?  Along similar lines as shellcodeexec, I assume.





From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of HD Moore
Sent: Saturday, April 16, 2011 12:14 AM
To: framework () spool metasploit com
Subject: Re: [framework] shellcodeexec to bypass AV ?


On 4/15/2011 8:15 PM, HD Moore wrote:
On 4/14/2011 3:15 PM, Houcem HACHICHA wrote:

The author claims that the script makes Meterpreter bypass AV (better
than Msfencode).

If this is true, can this be implemented in MSF ?

I apologize for the previous grammar - what I get for writing a reply on
the way out the door.  Regarding AV evasion, its only something worth
merging into the SVN tree if it involves a technique that the user
controls. Anything static results in an immediate signature, courtesy of
our AV friends. We would happily accept patches for AV evasion that
involve the user specifying some unique EXE or file that results in a
different signature per user. Adding the same technique for all users
generally just delays the problem by 3 days :)



No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1209 / Virus Database: 1500/3576 - Release Date: 04/15/11


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]