Re: hiding netcat from AV



I saw earlier that video Chris refers. Its an interesting demonstration.
But its not aimed for bypass an AV with "online" or resident protection
apparently. Anyway its an nice alternative for bypassing mail servers
with AV protection.

Greetings

Ramiro
Hey Jim,

you might be interested in one of the recent schmoocon presentations.
In the presentation, the presenter demonstrates exactly how to modify
an already compiled exe to bypass signature based AV detection using
assembly XOR encoding and decoding.

The video is located here:

http://www.shmoocon.org/2008/videos/

It's called backtrack demo.

The site appears to be down right now though... Odd.



On Wed, Jul 30, 2008 at 2:35 PM, James Kelly <macubergeek@xxxxxxxxxxx> wrote:
Hi
I'm researching the various ways to hide netcat from AV

The most success I've found is with an idea I got from the new Syngress
netcat book.
basicly add a commented out text block near the top of netcat.c and
recompile
I tried this with about 20 lines of random hex and uploaded it to
www.virustotal.com with great success.

Has anyone had success with exe encryptors? I've tried telock and it seems
to have little effect on AV detectability.

Jim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes inSecuring Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



Relevant Pages

  • Re: Mitsubishi PIP Bypass - Help
    ... and output levels of the video for the PIP module. ... complex than a simple cap bypass. ... > tech and rebuilding the board is clearly beyond my abilities. ... > looking for low-cost options. ...
    (sci.electronics.repair)
  • Re: How do we access to video sites,chatting which was blocked in company?
    ... WHAT "video sites"? ... there is no easy way to bypass that. ... a remote proxy site that you can access but which is free to contact ... I dont know of any free public access sites of this nature though. ...
    (rec.video.desktop)
  • Re: Performance feedback not working
    ... BTW I suppose you know SW has a diagnostic tool Solidworks Rx accessible ... from the programs menus...you can run on software openGL to bypass your ... video through there to eliminate that as a source of your problem ...
    (comp.cad.solidworks)
  • Re: what is happening to my TV?
    ... > will using the audio and video jacks instead of the single coax jack ... should also work and bypass the problem as well. ...
    (sci.electronics.repair)
  • Re: port 18302
    ... Securing Web Applications ... Get 45 Min Video and PPT Slides ...
    (Pen-Test)