Bypassing Antivirus Engines using Open Sourced Malleable C2 Software, MSFVenom, Powershell and a bit of Guile

BSidesLV 2018

Presented by: Michael Aguilar
Date: Wednesday August 08, 2018
Time: 17:00 - 17:25
Location: Proving Ground

Abstract

There is a multitude of open-source C2 software readily available for a quick git clone and deployment during a red team engagement. These tools, though new and sometimes a bit buggy, can offer a unique way to bypass antivirus engines, allowing undetected entry into a network and lateral movement that evades many modern defenses. The use of PowerShell scripting on Windows and MSFVenom payload generation in Kali makes it all the easier to apply these methods for quick and easy wins. Using these methods, plus a bit of guile in delivering the payload, will allow a red teamer to enter the network easily, bypass the perimeter defenses in play, and proceed to data exfiltration and ultimately the end goal of the assessment: get as much win as you can.

Full example located at: https://informersecurity.com/antivirus_bypass/
