rapid7-admin

Become invisible to anti-virus protection

Blog Post created by rapid7-admin on Jan 6, 2011

Originally Posted by Chris Kirsch

 

 

 

Be-invisible-on-the-network-with-Metasploit-216x300.jpg

 

Wouldn’t it be fantastic to be invisible for a day? Walk straight into a bank vault in the morning, be a fly on the wall in the Oval Office for lunch, and spend an evening in your favorite movie star’s house. Well, now you can - with Metasploit!

 

We tested our Metasploit invisibility cloak on a field day recently. Our venue of choice: an anti-virus test lab. The goal was to test how well Metasploit’s anti-virus protection would hold up against the most recent versions of the world’s top ten anti-virus vendors. The results were better than we had hoped for: Every single vendor had gaping holes, two didn’t trigger alerts at all.

 

I don’t want to single out specific vendors, so I’ve anonymized the chart. In addition, exploit developers and anti-virus engines are in a constant arms race, so I don’t want to disclose how we make our exploits invisible. Otherwise, the AV vendors would fix the holes, my colleagues in development would have to code through the weekend, and I would have to buy them a beer next time. Instead, they're now working on making Metasploit Pro completely invisible.

 

Metasploit-is-invisible-to-Anti-Virus-protection.jpg

 

If you're interested in Metasploit and anti-virus, also check out n00bznet's recent blog post on the subject.

Outcomes