Viewing 4 posts - 1 through 4 (of 4 total)
  • #43664
    Hizzy
    Participant

    Hi,

    The .bat backdoor generated was detected by 3 AVs but when I remove the first word “powershell” at the beginning of the script it does not get detected. Is there another word I can use to replace powershell so that the backdoor does not get detected and it still gets executed as normal?

    I tried using just ps in place of powershell but that doesn’t help.

    Thanks

    #43710
    Diego Pérez
    Moderator

    Hi!
    No, powershell word needs to be used.
    Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..

    So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.
    Here’s a few solutions to try if your backdoor is getting detected:

    1. Make sure that you have the latest version of Veil, so do update before doing use 1.
    2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.
    3. Try generating a backdoor using the fat rat, empire.
    4. Modify backdoor code if it’s in bat as shown in lecture 33.
    5. Modify backdoor using a hex editor as shown in lecture 40.
    6. Create your own backdoor (covered in python course).

    The best thing to do is look at the last lecture of the course (bonus lecture); it contains all the courses that you can take with this course and a comparison between them.

    Also check out this video:

    How To Create Fully Undetectable Backdoors

    Hope it helps!
    Diego

    #43715
    Hizzy
    Participant

    Hello Diego,

    Thanks for the reply. I have done most of the processes above over and it actually got me to where I am now. I am also taking the python course as well and I know I might need some more time to get the desired results.

    I was just about to try something else. The way Zaid in one of the lectures had to split powershell into C = pow… Then c + er… etc.

    Don’t know if that will work but I’ll give it a try anyway and keep working around it.

    #43771
    Diego Pérez
    Moderator

    Hi!
    Yeah! That’s it, keep trying is the way.

    Greetings!
    Diego
