Bypassing client-side antivirus protection using msfencode

In the previous recipe, we focused on how to generate executable shellcode and use it as a weapon for a client-side attack. However, such executables are easily detected by client-side antivirus protection, which can prevent the execution of such malicious files and raise alarms as well. So what can we do now? We will have to move to the next level of attack vector by bypassing the antivirus protection. Encoding the executables is an effective technique.

Antivirus software uses a signature-based technique in which it identifies a potential threat by checking the file's first few lines of code against its signature database. If a match is found, then the file is treated as a threat. We will have ...
