Following and doing the tutorials from OTW and others on this subject, and reading up on fx. rapid7 and other resources, although good and necessary for basic skills, I understand that there will not be a easy or perpetual fix for evasion...
So can someone advice pls....
I am in the process of learning and have by now acquired a general understanding of the tools and methods available in hacking/pen-testing, and as I see it the client-side attacks and evasion techniques are becoming more and more the way to go for "low hanging fruit", so in an effort to optimize my results, I will for now, focus on these, feel free to correct me if I am mistaken...
If I´m not, could some one more experienced help me figure out, the best place to start in terms of skills/coding/scripting/languages that will support tools like msfconsole/msfvenom/veil and etc. thereby being able to modify and customize payloads, executales etc. on my own ASAP.
I know it will take some effort, so this is an attempt to achieve it in a efficient way.
Thanks for all your valuable input -MG
2 Responses
I am not more experienced but here are my answers:
As far as I know most of the metasploit script are written in Ruby. Many other scripts are written in python. Here on null-byte you can find ruby and python tutorial, too.
In terms of evasion, I've read here earlier that the best thing is ghostrwriting your payload, so generate the assembly code and add some extra code to it, that does not do anything useful. Google for evasion + ghostwriting.
Ok thank you, that (ghostwriting) makes sense at a low proficiency level... and might actually be helpful :)
Yes I saw the tutorials and others on scripting, but have been a little hesitant to beginning before I understand which will be of most use...
So any thought on whether ruby or python is most useful in the beginning, in regards to client side attacks and evasion techniques. :)
BR MG
Share Your Thoughts