lazy jumping techniques

Just woke up few minutes ago and came up with some lazy shellcode skeleton idea. Using inline asm instead of casting shellcode as a function and execute it .

#include

#include

char shellcode[] = "malsmalasmalmalsa";

int main(int argc, char **argv)

{

__asm__(

"mov %ebp, %eax;

"jmp %eax;

);

}

Evading Antivirus Emulator using stealth meterpreter

Synopsis

I'm a metasploit dog . Yup for the past 3 years of my life as a pen-tester junkie . there's not been a project that i test without using the whole bunch of metasploit framework junkie. The juiciest thing bout metasploit is the meterpreter . A fine payload act as a badass backdoor for any platform be it windows/java/php/linux. A fine backdoor .

However antivirus is also getting much mature for the pass years . With the improvement of certain technology such as Antivirus Emulator, generating a meterpreter payload while evading the antivirus detection may be quite hard.

Known technique to evade antivirus

1. Use metasploit's msfencode to 'pack' the backdoor:
http://www.offensive-security.com/metasploit-unleashed/Antivirus_Bypass

2. Use custom loader:

http://www.coresec.org/2011/04/22/execute-metasploit-payloads-using-shellcodeexec/

In this slides i`m presenting a new alternative way to evade antivirus emulator simply by passing an input or an argument . Our objective here is to create a backdoor that evades an antivirus detection .

Special thanks to sk, pokleyzz and the rest of the crew.

Download slides here. http://www.mediafire.com/?d95c35ax90k7u6g