
Use encryption technique to avoid AV static analysis #1

Open
S0c5 opened this issue Apr 12, 2020 · 1 comment

Comments


S0c5 commented Apr 12, 2020

Hello!
I used to use this technique to inject payloads into binaries, but the problem is that AV static analysis finds the malicious payloads if they are well known, so you can include the payload encrypted and include the stub to decrypt it before it is called.

```c
char code[] ="\x31\xc0\x31\xdb\x31\xd2\x31\xc9\xb0\x04\xb3\x01\xb9\xa0\x90\x04\x08\xba\x1c\x00\x00\x00\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80";
```

In this line, you can include the encrypted payload and the key to decrypt it before the script runs, which allows you to avoid some AV static analysis.

```
function injectShellcode {
```

thEpisode (Owner) commented

Good! That is awesome! I will include a function to encrypt the payload, because at the moment this payload is only an example for use. Could you recommend me a good encryption method for payloads?
