Hi everyone.
These days I was looking into bypassing AVs and I was able to evade a bunch of them, but I'm struggling to bypass Norton SONAR, which can detect my meterpreter connection even though I was able to create a clean payload. Before asking, I looked into some solutions like using Enable Stage Encoding in Metasploit, but it didn't bypass the AV. So does anyone here have an idea on how to encrypt my connection so no AV can detect it?
Thanks
4 Responses
Do you know exactly what's causing the problem? Is the payload itself getting detected by signatures or heuristics? Where is it being detected: before or while running? Have you tried crypting it?
The payload is a bat file that contains a PowerShell script, and it doesn't get caught by the signatures or heuristics. The problem is that when I try to connect to the victim machine, Norton detects my connection and gives me a pop-up at the bottom right telling me that someone is trying to connect to my computer using a reverse https attack.
So it's a firewall issue? I'm not exactly sure about the details of PowerShell but is there some way you can inject the process into an existing process which connects online (like Skype) and use that to conceal your intent?
It appears that the block was caused by "Intrusion Prevention"; this feature in Norton automatically blocks Internet attacks aimed at taking advantage of a vulnerable program.