AV Evasion With the Veil Framework

As antivirus (finally) has started to slowly increase in effectiveness, more and more of the payloads used during penetration tests are being caught. While the industry as a whole has demonstrated its ability to bypass AV solutions in nearly all situations, valuable assessment time is often lost in doing so.

The Veil-Evasion Framework (Veil) was developed to solve this problem by offering a modular, open-source, and UI-focused framework for generating AV-evading payloads in a programming-language- and technique-agnostic way. Veil's structure greatly simplifies payload generation and allows for the integration of public and private AV evasion methods. In this talk we will go over the genesis of the framework, its structure and features, and how to develop your own payload modules. Recently released modules will also be covered, and our implementation of a lesser-known shellcode injection method will be released.

We will also cover public reaction and disclosure ethics, and we plan on releasing Veil-Catapult, our payload delivery tool. Veil-Catapult extends the capabilities of the existing Veil framework by utilizing various methods to deliver and trigger payloads across targeted machines. We will conclude with a discussion of current and future mitigation strategies to combat Veil's effectiveness.

Presented by