Author Topic: AV evasion: Recompiling & Optimizing FTW!  (Read 6413 times)

Offline DiabloHorn

AV evasion: Recompiling & Optimizing FTW!
« on: January 18, 2013, 10:26:46 pm »
It's fun and it takes you like a few minutes to drastically lower detection rates. All this assuming you are using proper code that is not full of errors.

Quote
Lowering the detection rate of binaries can be done in two major ways, like we all know:

modify the binary
modify the source
The first option has a lot of articles on the internet covering it, so I’ll not be covering it, maybe in the future. The second one is also a well known one, but not an often used one imo. A lot of people are either afraid of the source, don’t understand it or think they’ll break it.

So let’s try and take those fears away, especially since it also requires minimal effort & time which can be a real PITA when you need to pwn a company in a couple of hours.

https://diablohorn.wordpress.com/2013/01/19/av-evasion-recompiling-optimizing-ftw/

Offline grap3_ap3

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #1 on: January 23, 2013, 07:43:42 pm »
I recently got a PM from someone on this site asking about something along this line - trying to get something to slip past AV. I wish more people would actually READ the shit on this forum (or the rest of the internet??) rather than asking to have the work done for them.

Another great post, DiabloHorn!
That man can be domesticated.
Don't learn to hack. Hack to learn!

Offline DiabloHorn

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #2 on: January 23, 2013, 08:08:50 pm »
It's a fun topic to research a bit about. Yeah, there is literally TONS of information out there on how to do it. PowerSploit, for example, makes it really easy.


Offline blixnawaka

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #3 on: January 23, 2013, 09:16:38 pm »
Hey DiabloHorn, these articles are indeed really great! I appreciate the contribution. Is there any chance that we could get a copy of the blog post here in the forums themselves, formatted and wonderful, for all to read? You can even put your blog link at the top with the title ;D
Follow me on twitter!
http://twitter.com/blixnawaka

Signature Artist: The_Inexistent

Offline DiabloHorn

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #4 on: January 23, 2013, 09:21:59 pm »
Sure, if someone explains to me how to do it with as little effort as possible? The only reason I don't do it is because the layout gets all fucked when copy/pasting, and fixing it by hand is a pain.

Offline connection

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #5 on: January 28, 2013, 11:57:48 am »
What if I set up like some sort of user blogging system for SMF?

Offline DiabloHorn

Re: AV evasion: Recompiling & Optimizing FTW!
« Reply #6 on: January 28, 2013, 02:38:16 pm »
If that means I can copy-paste from WordPress into here, that's fine. Would only have to link the images then.
