Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: hiding netcat from AV
From: Chris <whitehat237 () gmail com>
Date: Thu, 31 Jul 2008 09:09:39 -0700

Hey Jim,

you might be interested in one of the recent schmoocon presentations.
In the presentation, the presenter demonstrates exactly how to modify
an already compiled exe to bypass signature based AV detection using
assembly XOR encoding and decoding.

The video is located here:

http://www.shmoocon.org/2008/videos/

It's called backtrack demo.

The site appears to be down right now though...  Odd.



On Wed, Jul 30, 2008 at 2:35 PM, James Kelly <macubergeek () comcast net> wrote:
Hi
I'm researching the various ways to hide netcat from AV

The most success I've found is with an idea I got from the new Syngress
netcat book.
basicly add a commented out text block near the top of netcat.c and
recompile
I tried this with about 20 lines of random hex and uploaded it to
www.virustotal.com with great success.

Has anyone had success with exe encryptors? I've tried telock  and it seems
to have little effect on AV detectability.

Jim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes inSecuring Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]