Bypassing client-side antivirus protection using msfencode
In the previous recipe, we focused on how to generate an executable shellcode and use it as a weapon for a client-side attack. But, such executables are easily detectable by the client-side antivirus protection which can prevent execution of such malicious files and raise alarms as well. So what can we do now? We will have to move to the next level of attack vector by bypassing the antivirus protection. Encoding the executables is an effective technique.
Antivirus uses a signature-based technique in which they identify a potential threat by verifying the file's first few lines of code with their signature database. If a match is found, then the file is treated as a threat. We will have ...
Get Metasploit Penetration Testing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.