  • #31767
    basmeijer
    Participant

    Hi Zaid,

    When testing the lessons on Office files and AutoIt, these files are getting detected by antivirus: the Word file by DeepGuard, and the AutoIt file by Defender.
    What are your suggestions on bypassing these antivirus files?

    Kind regards,
    Bas

    #32031
    A J
    Moderator

    Hi Basmeijer,

    The main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date. Here are a few solutions to try if your backdoor is getting detected:

    1. Make sure that you have the latest version of Veil, so do an update before running use 1.

    2. Experiment with different payloads and with different payload options, and you should be able to bypass it.

    3. Modify the backdoor code if it's in bat (covered in the Social Engineering course).

    4. Modify the backdoor using a hex editor (covered in the Social Engineering course).

    5. Create your own backdoor (covered in the Python course).

    The best thing to do is look at the last lecture of the course (the bonus lecture); it contains all the courses that you can take after this course and a comparison between them.

    Please keep in mind also that this is the nature of all malware: it will eventually get detected, especially since there are 250,000+ students who are trying the same thing. So even when Zaid shows a new method of bypassing AV programs, this method soon becomes detectable; there's no way he can give you code that would pass AV programs and would remain that way after a few days. Therefore the best thing to do is to learn how to use these tools first, then tackle bypassing AV programs as a completely separate issue. Zaid does cover how to do that by manually editing HEX (in the Social Engineering course), but again, if you modify the exact same parts that he modifies, then you won't make much progress; you need to learn the methodology and try it yourself until you get it working.
