First of all, sorry for my english.
I'm asking myself if there is today a real way of bypassing AV. I tried a lot of techniques buy they didn't work :
- Shikataganai : This module doesn't make any effect on payloads since several months/years.
- I tried some other techniques like fetching payload on the net, making unused loops etc... they don't work
- packers like UPX seem not to be effective.
- Encrypting shellcode with RSA algorithm isn't effective. Indeed, the payload is caught when the shellcode is decrypted.
- Plus, I have to write almost all payloads with C language and not with Python or Ruby because programs to convert py/rb to exe like pyinstaller/py2exe and ocra are all caught by antiviruses. Even a python program with a single print function is caught by antivirus as a malware.
So when I see all that, I ask myself if today there is a real and working way to bypass AV. They have more and more detection techniques like memory based signature detection, heuristic and dynamic analysis..
I don't want an entire payload or something like that. I just want possible bypassing techniques to understand. Maybe DLL injection techniques are effective ?