- This topic has 3 replies, 2 voices, and was last updated 1 year, 10 months ago by Diego Pérez.
- AuthorPosts
- February 10, 2023 at 4:26 pm #70682Ihack4funParticipant
hello
i am using the latest version of the kali linux (Zsecurity)
and also the latest version of (the fat rat/ VEil/ Empire)
my problem is i try to edit the .bat file manualy and converting it to exe then i edit it with HXd
after that i add an icon to it and rename it with (RTL override) to spoof the extension.but after doing all of that i am getting detected by at least 10 AV’s i am scanning on (antiscan.me)
even if it says that its bypassing the AV i am using in my virtual machine it gets detected although the scanning web says its not.i have tried doing the same with (download and execute payload) or empedding it with a microsoft office document
it just gets detected.
please help me make it undetectableFebruary 10, 2023 at 7:22 pm #70687Diego PérezModeratorHi!
Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.
Here’s a few solutions to try if your backdoor is getting detected:1. Make sure that you have the latest version of Veil, so do updated before doing use 1.
2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.
3. Try generating a backdoor using the fat rat, empire.
4. Modify backdoor code if its in bat as shown in lecture 33.
5. Modify backdoor using a hex editor as shown in lecture 40.
6. Create your own backdoor (covered in python course).The best thing to do is look at the last lecture of the course (bonus lecture) it contains all the courses that you can take with this course and a comparison between them.
Also check out this video:
Greetings!
DiegoFebruary 10, 2023 at 8:14 pm #70690Ihack4funParticipantthank u
i have done all of that except for the python
i will start the python course after i finish this oneFebruary 11, 2023 at 4:46 pm #70711Diego PérezModeratorHi!
Cool, bypassing AVs is always about try/error until you succeed.Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.