Fox-IT routinely performs awareness assessments for its clients. During those assessments, and also during other types of engagements such as Red Teams and scenario-based pentests, Fox-IT is sometimes hindered by traditional security solutions such as antivirus scanners. To ensure that our tooling works without being detected during engagements, Fox-IT sometimes takes a page from the book of black hat hackers. This post describes how we adapted a technique also used by the Mofang group to evade a specific antivirus product during an awareness assessment. Also included is a quick POC on how to easily perform your own DLL hijacking attack using a meterpreter and a browser.
Please find the whole blog attached to this page.