Evading Antivirus Detection
We’ll use the popular AVG Anti-Virus product in the following examples. Because it can take some time and multiple tries to circumvent certain antivirus engines, before we try to deploy a payload, we check the antivirus solution to make sure the payload gets past it before we deploy it on the target.
In this case, when we test our payload with AVG, we see that it’s detected, as shown in Figure 7-1.
Figure 7-1. AVG detected our payload.
Encoding with MSFencode
One of the best ways to avoid being stopped by antivirus software is to encode our payload with msfencode. Msfencode is a useful tool that alters the code in an executable ...