Skip to content
/ AVbypass Public

Techniques that i have used to evade anti-virus during pen tests.

13 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

arunvnnk/AVbypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

README.md

README.md

 
 

generate_payload.py

generate_payload.py

 
 

runcode.cs

runcode.cs

 
 

template.cs

template.cs

 
 

textgen.cs

textgen.cs

 
 

Repository files navigation

Something that i wrote to bypass the AV on a windows machine when it was flagging powershell based in memory techniques, regular msf payload EXES and Veil-Framework EXES. This is just to highlight the risk of AVs trusting payloads generated using .Net Assesmblies.

It is not a vulnerability, just another way to try to bypass the AV. The scenario is when the pen-tester cannot shutdown the remote av process or login using RDP into the remote machine and wants to execute a payload on the remote machine.

It is assumed that the pen-tester has the credentials for the remote windows machine.

The template file is based on subtee's https://gist.github.com/subTee/408d980d88515a539672

Read the wiki for detailed insructions for building the payload. There are also some pointers regarding payload delivery that can be ignored if you have your specific method.

The payload generated from the python script gets past all major AV solutions. If the shellcode is copied directly into the csharp script, then some AV solutions detect it as malicous (but even this is very few)

Dependencies for kali3 - mono-complete

About

Techniques that i have used to evade anti-virus during pen tests.

Topics

dotnet antivirus-evasion pentesters

Resources

Readme
Activity

Stars

13 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages