That's good info jcran.
I wanted to post another article that I feel is relevant to evading Antivirus with Metasploit payloads. This method offers a lot of flexibility to penetration testers to obfuscate the ASM instructions however they choose. For more information see this blog article here:
Hi there everyone, this is a very good post to add to favorites.
I have to say that I've been testing with "metasm", the link zeknox posted, and it's a very good method; I've been very successful.
The post shows a trick to change the asm code. I was wondering if anyone else has tested this way?
The metasm included with the framework has some samples, and I am using "peencode" to produce the .exe.
Is there anyone else that's using metasm? I need a hint; the exes I'm generating are being blocked by Micro$oft Security Essentials.
Thank you all.
Pipas, keep obfuscating your ASM instructions as much as possible and you can get around Microsoft Security Essentials. I successfully did this just the other week in a penetration test against one of my clients who was running it and ultimately allowed me to obtain Domain Admin privileges on their network. Good Luck!
Thanks, I've been trying, but couldn't do it yet...
I've done as the article pointed out, but I don't have great knowledge of assembly. I tried some "add and sub", but with no success.
Can you give me a hint? What did you do? Did you use the same method as pointed out in the article (before a xor, mov around some stuff), or did you do something else?