Recently, I decided to test how good our home AV was. I created a msfpayload with a Meterpreter. I then first disabled the AV on one of the computers in the household to see if I could get a meterpreter session spawned. Then I turned on the AV and the .exe file was instantly quarantined and removed.
The computers were on the same wireless network. I am wondering how I would be able to get remote access to a different computer on a different network, as my classmate also wants to see if MalwareBytes is a good AV.
4 Responses
MalwareBytes is a good AV; you are, however, able to bypass it (just like any other).
To help you with the second part, you can create a reverse shell to connect back to your WAN IP, then use port forwarding on your router to direct the incoming shell to your listener (Kali box).
I've been able to bypass MalwareBytes multiple times. Actually, that's the AV I bypassed in my first tutorial.
Have you tried changing the Payload's signature?
Yesterday OTW published an article on how to do this with Veil-Evasion.
It's easy to bypass AV with a VBScript payload. Executables are #1 priority for AV.