Anti-virus (heuristic) evasion

Anti-virus detection during phishing simulations

Overview

Fox-IT routinely performs awareness assessments for its clients. During those assessments, and also during other types of engagements such as Red Teams and scenario-based pentests, Fox-IT is sometimes hindered by traditional security solutions such as antivirus scanners. To ensure that our tooling works without being detected during engagements, Fox-IT sometimes takes a page from black hat hackers. This post describes how we adapted a technique also used by the Mofang group to evade a specific antivirus product during an awareness assessment. Also included is a quick POC on how to easily perform your own DLL hijacking attack using a meterpreter and a browser.

Please find the whole blog attached to this page.