Evading Antivirus Detection

We’ll use the popular AVG Anti-Virus product in the following examples. Because circumventing certain antivirus engines can take some time and multiple tries, we test the payload against the antivirus solution first and confirm that it gets past it before deploying it on the target.

In this case, when we test our payload with AVG, we see that it’s detected, as shown in Figure 7-1.

Figure 7-1. AVG detected our payload.

Encoding with MSFencode

One of the best ways to avoid being stopped by antivirus software is to encode our payload with msfencode. Msfencode is a useful tool that alters the code in an executable ...