articzebra Posted July 22, 2019

Hi guys, I think I've got to 'that' particular point in my journey to understand penetration testing and ethical hacking. And it's led me to the belief that many of the frameworks and automated scripts are likely to be flagged by antivirus/IDS. How I came to this conclusion? I've tried out many of the frameworks from Veil to Metasploit and although they are all incredibly useful and are by no means obsolete in their usage and potential, they do end up being flagged A LOT by virus scanning. I do my scanning with scanners that are known not to share results, by the way.

That being said, I'm beginning to wonder if learning how to program will make the process of exploiting a system easier. My question is: will AV detect a program based on its behaviour? If so, is it likely to flag any program which acts suspiciously? I'm aware that modern AV uses more than static detection and depends on heuristic analysis as well as sandboxing etc. So, how far does the knowledge of programming go towards developing and compiling something which is likely to evade AV detection? I mean, obviously it has to depend on certain factors like how well programmed your malware is and no doubt how obvious it is at performing certain actions etc.

Can anyone who develops/compiles their own code enlighten me on this area a little more? I've read articles online that highlight the advantages of coding your own programs and then executing them, but I've found so far that none really give any sort of information on the advantage compared to using automated scripts and frameworks alone. If I was to begin learning how to create a backdoor in Python, compared to an automated backdoor made in Metasploit or Veil, what are the chances of it being detected?

Also, how would you factor in utilizing common evasion techniques like packing and crypting and file pumping etc. when these tools are usually, from my knowledge anyway, likely to have been reverse engineered? Thanks guys!
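The post asks two things that are easiest to see side by side: why a stock framework payload gets flagged even when it is "packed", and whether a hand-written program is judged on what it does rather than what it looks like. The block below is an added example, not code from the thread or from any AV vendor: it is a toy model of the two detection layers the post mentions. The byte signature, the "payload", the behaviour rules, their weights, and the runtime event trace are all constructed for illustration and stand in for a vendor's real rules, which are not shown here.

```python
"""Toy model of static-signature vs. behaviour-based detection.

Added example for illustration only. Every signature, byte blob, rule,
weight and event name below is constructed; none is a real vendor rule.
"""
from __future__ import annotations

# --- Layer 1: static signatures (what a scanner has seen before) ----------

# Constructed 18-byte pattern standing in for a signature on a well-known
# stager stub. Any payload that still contains these bytes on disk is caught.
STATIC_SIGNATURES: dict[str, bytes] = {
    "Generic.Stager.A": bytes.fromhex("fce8820000006089e531c0648b50308b520c"),
}

# Constructed sample "payload": the signature bytes plus NOP filler.
KNOWN_PAYLOAD = STATIC_SIGNATURES["Generic.Stager.A"] + b"\x90" * 16


def static_scan(blob: bytes) -> list[str]:
    """Return the names of every static signature found in the blob."""
    return [name for name, sig in STATIC_SIGNATURES.items() if sig in blob]


def xor_encode(blob: bytes, key: int) -> bytes:
    """Trivial 'crypter': changes the bytes on disk, not what runs in memory."""
    return bytes(b ^ key for b in blob)


# --- Layer 2: behaviour heuristics (what the program does at run time) ----

# Each rule is an ordered sequence of observed events plus a weight.
# Event names and weights are made up for the example.
BEHAVIOUR_RULES: dict[str, tuple[tuple[str, ...], int]] = {
    "rwx-alloc-then-exec": (("VirtualAlloc(PAGE_EXECUTE_READWRITE)", "CreateThread"), 60),
    "remote-injection": (("OpenProcess", "WriteProcessMemory", "CreateRemoteThread"), 90),
    "beacon-to-raw-ip": (("connect(raw-ip:4444)",), 40),
}
THRESHOLD = 80  # constructed: total weight at which the program is blocked


def _in_order(needles: tuple[str, ...], haystack: list[str]) -> bool:
    """True if every needle appears in the haystack, in the given order."""
    it = iter(haystack)
    return all(any(n == h for h in it) for n in needles)


def behaviour_score(events: list[str]) -> tuple[int, list[str]]:
    """Sum the weights of every behaviour rule matched by the event trace."""
    hits = [name for name, (seq, _) in BEHAVIOUR_RULES.items() if _in_order(seq, events)]
    return sum(BEHAVIOUR_RULES[h][1] for h in hits), hits


def verdict(blob: bytes, events: list[str]) -> str:
    """Apply the static layer first, then the behaviour layer."""
    sigs = static_scan(blob)
    if sigs:
        return "blocked: static signature " + ",".join(sigs)
    score, hits = behaviour_score(events)
    if score >= THRESHOLD:
        return "blocked: behaviour " + ",".join(hits)
    return "allowed"


# Constructed runtime trace of a typical reverse-shell stager.
OBSERVED_EVENTS = [
    "VirtualAlloc(PAGE_EXECUTE_READWRITE)",
    "connect(raw-ip:4444)",
    "CreateThread",
]


def demo() -> dict[str, str]:
    """Run the four cases the post is really asking about."""
    packed = xor_encode(KNOWN_PAYLOAD, 0x5A)
    return {
        "stock payload": verdict(KNOWN_PAYLOAD, OBSERVED_EVENTS),
        "same payload, xor-packed": verdict(packed, OBSERVED_EVENTS),
        "custom code, same behaviour": verdict(b"custom-backdoor", OBSERVED_EVENTS),
        "custom code, quieter behaviour": verdict(b"custom-backdoor", ["connect(raw-ip:4444)"]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32s} -> {result}")
```

Packing defeats only the first layer: the XOR-encoded copy no longer matches the signature, but once it decodes itself it allocates RWX memory, connects out and starts a thread exactly like the stock payload, so the behaviour layer scores it the same. Writing your own code changes the outcome only to the extent that the program's observable actions stay below whatever threshold the product uses, which is the part of the question that no framework, and no packer, can answer for you.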