Ag3nt47 Security – Carolinacon – 9 – 2013 – Msfpayload Isn’t Dead Yet: AV Avoidance In Payload Delivery

Description: Most, if not all, executables generated by msfpayload/msfencode/msfvenom get destroyed by every antivirus available. Msfpayload is still fantastic, but it’s inevitable that something this fantastic will get a lot of attention from AV providers. It is crucial for security professionals to have reliable payloads to provide quality deliverables to their clients. Rather than having a theoretical discussion regarding various avoidance techniques, this talk will demonstrate methods that these chaps use on a regular basis with ridiculous success rates. Of particular focus will be ghost-writing ASM, use of binary-level encryption for payloads, and remote command execution for shell generation.

melvin2001 is a penetration tester who loves Cinnabon and is a founding member of the FALE Association of Locksport Enthusiasts.


