Chapter 12. Bypassing Antivirus Applications
Your pentesting clients will most likely be running some sort of antivirus solution. So far in this book we've avoided having any of our malicious executables deleted by antivirus applications, but antivirus program avoidance is a constantly changing field. Typically you will be more likely to avoid detection by using a memory-corruption exploit and loading your payload directly into memory, that is, by never touching the disk. That said, with the attack landscape shifting to emphasize client-side and social-engineering attacks, it may not always be possible to avoid writing your payload to disk. In this chapter we'll look at a few techniques for obscuring our malware to try to avoid detection ...
Get Penetration Testing now with the O’Reilly learning platform.