Antivirus Evasion
Detection Methods
Step 1: Generate a portable executable (PE) file.
Step 2: Run it through an online virus-scanning site such as the one below.
Be mindful when submitting executables online: as soon as you upload a file, it becomes public.
Step 3: Transfer the file to a Windows machine for further analysis.
On disk evasion
Packers
Obfuscators
Crypters
Software Protectors
In-memory injection (PE injection)
The payload lives only in volatile memory (RAM) and is never written to disk.
PowerShell method (in-memory injection)
This is harder for the system to detect, since the payload runs inside the PowerShell interpreter and the script itself is not executable code.
Below is the template. Create a malicious payload with msfvenom and place it in the sc variable.
Using VirtualAlloc, it allocates a memory block and copies each byte of the payload into it.
The last line executes the payload with CreateThread.