How to improve reverse tcp/http meterpreter backdoors so they aren’t discovered by Windows Defender? – Digitalmunition
This topic contains 1 reply, has 2 voices, and was last updated by  Carson_Blocks 1 month, 1 week ago.

  • #279518

    anonymous
    Participant

    I’ve been testing the different Windows backdoors available in Veil and Metasploit, with their default settings and changing a few options (when possible) to try and generate a different signature. Still, as soon as I save the binary to the Windows 10 virtual machine, the Windows threat system detects it and removes it immediately.

    If I manually stop real-time scanning and shields for Windows Defender threats, then it allows me to copy and run the various payload.exe files. But it is obviously not encouraging that they only serve in that setting. Any recommendation to avoid antivirus?

    I thought that maybe mixing payload.exe with some file to build a more complex Trojan might change the signature of the entire file, but I have the feeling that the antivirus is capable of detecting the threat only because it has that payload.exe inside.

  • #279519

    Carson_Blocks

    Changing options on canned payloads isn’t going to change the signature. That’s the downside to running canned skiddie exploits.
