Metasploit mailing list archives

Video Bypassing AntiVirus with Metasploit


From: arcsighter at gmail.com (ArcSighter Elite)
Date: Fri, 16 Jan 2009 09:10:26 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thierry Zoller wrote:
> Dear ArcSighter Elite,
>
> Pardon me, but that was the first trick against KAV and is silly;
> I was giving an example I found amusing, nothing more, nothing less.
> There are a bazillion ways to escape - and decrypting from a resource
> is pretty much one of the most common ones and by far not special.
>
> Let's take the dick contests offlist, if you want to discuss further,
> or implement it in Metasploit?



Of course we could discuss offlist if you like.
But, as I said, I left RATs quite a long time ago.
Metasploit is more than an exploit framework, sure, but IMHO I don't see
the utility of such a backdoor implementation in Metasploit. I've been
using it since 2004 and haven't faced a scenario where that would be
necessary yet.
I just said that, given the nature of the technique and the way AV
software is implemented, it may be almost *sure* to bypass all of them by
combining reflective PE loading with runtime encryption/decryption.

Anyway, if you know some Spanish, there's a malware-devoted community at
http://www.indetectables.net that IMHO is the best on the topic,
regardless of language, and after the death of active-spy.org.
Visiting the forum will provide you a lot more info than I can.

BTW, sorry if I misunderstood your post.

Sincerely.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklwlN0ACgkQH+KgkfcIQ8d/CQCfT8PK7LmnC/eeq0EUX/xtePHl
w4sAn2KGDzNXZSZ4P5yGqpwWo8DbvNGV
=Tzv1
-----END PGP SIGNATURE-----
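Editor's note, added to this archive page and not part of the thread or of Metasploit: the exchange above turns on "decrypting from a resource", i.e. a payload stored encrypted in the dropper and decrypted only at runtime before it is loaded (reflectively or otherwise). The example below shows, with a constructed payload, signature and key, exactly which scanner that defeats and which it does not: a byte signature on the file at rest misses the encrypted resource, a scan of the decrypted image in memory still hits, and the encrypted blob leaves a high-entropy tell. All names and values are assumptions made for the demonstration; nothing is loaded or executed.

```python
"""Added example (not from the thread, not Metasploit code): why a payload
that is stored encrypted and decrypted at runtime evades a static byte
signature but not a scan of the decrypted image, and the entropy tell that
the encrypted resource leaves behind. Payload, signature and key are all
constructed here for illustration; nothing is loaded or executed."""
import hashlib
import math
from collections import Counter

# Constructed stand-in for a known-bad payload. The scanner's signature is a
# fixed substring of it, which is how a classic static AV signature works.
SIGNATURE = b"REFLECTIVE_LOADER_STUB_v1"
PAYLOAD = b"\x90" * 256 + SIGNATURE + b"\xcc" * 128 + b"\x00" * 103

# Assumed key; a real dropper ships it inside the binary next to the resource,
# so this is obfuscation against scanners, not cryptography against an analyst.
KEY = b"constructed-demo-key"


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (constructed for
    this example; a dropper would more likely use RC4 or AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the operation is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_resource(payload: bytes, key: bytes) -> bytes:
    """The blob as it would sit in a resource section of the dropper."""
    return xor_bytes(payload, key)


def static_scan(blob: bytes, signature: bytes) -> bool:
    """Signature match on bytes at rest (the file on disk)."""
    return signature in blob


def memory_scan(resource: bytes, key: bytes, signature: bytes) -> bool:
    """What an unpacking or in-memory scanner sees once the stub has
    decrypted the resource, whether the next step is a reflective PE load
    or a plain jump into the buffer."""
    return signature in xor_bytes(resource, key)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits near the 8-bit ceiling, while
    code with NOP sleds and zero padding sits far below it."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def demo() -> dict:
    """Run every check once and return the results for inspection."""
    resource = build_resource(PAYLOAD, KEY)
    return {
        "static_hit_on_plain": static_scan(PAYLOAD, SIGNATURE),
        "static_hit_on_resource": static_scan(resource, SIGNATURE),
        "memory_hit_after_decrypt": memory_scan(resource, KEY, SIGNATURE),
        "plain_entropy": round(shannon_entropy(PAYLOAD), 2),
        "resource_entropy": round(shannon_entropy(resource), 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point a practitioner should take from this: the "almost sure" bypass discussed in the thread holds only against signature matching on the file at rest. The key and the decryption stub are in the same binary, so an engine that emulates or unpacks the dropper, or that scans process memory after the stub runs, sees the original bytes again; and the encrypted resource itself stands out as a high-entropy section, which is a cheap heuristic that does not need the signature at all.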


