Tuesday, May 17, 2011

lazy jumping techniques

Just woke up a few minutes ago and came up with a lazy shellcode skeleton idea: use inline asm instead of casting the shellcode to a function pointer and calling it.

#include <stdio.h>
#include <string.h>

char shellcode[] = "malsmalasmalmalsa"; /* placeholder bytes, not real shellcode */

int main(int argc, char **argv)
{
    /* Load the buffer address into eax and jump to it instead of casting the
     * buffer to a function pointer and calling it. 32-bit build:
     * gcc -m32 -z execstack lazy.c -o lazy. Under NX the jump faults unless
     * the bytes sit in an executable mapping. */
    __asm__ volatile(
        "mov %0, %%eax\n\t"
        "jmp *%%eax\n\t"
        : : "r"(shellcode) : "eax");
    return 0;
}

Saturday, May 14, 2011

Evading Antivirus Emulator using stealth meterpreter

Synopsis

I'm a Metasploit dog. Yup, for the past 3 years of my life as a pen-tester junkie, there has not been a project I tested without using the whole bunch of the Metasploit framework. The juiciest thing about Metasploit is Meterpreter: a fine payload that acts as a badass backdoor for any platform, be it Windows/Java/PHP/Linux. A fine backdoor.

However, antivirus has also matured a lot over the past years. With improvements in technology such as antivirus emulators, generating a Meterpreter payload that evades antivirus detection can be quite hard.

Known techniques to evade antivirus

1. Use Metasploit's msfencode to 'pack' the backdoor:
http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass

2. Use a custom loader:

In these slides I'm presenting a new alternative way to evade an antivirus emulator simply by passing an input or an argument. Our objective here is to create a backdoor that evades antivirus detection.

Special thanks to sk, pokleyzz and the rest of the crew.