Jump to content

Malware and Self Programmed Code


articzebra
 Share

Recommended Posts

Hi guys, I think I've got to 'that' particular point in my journey to understand penetration testing and ethical hacking. And it's led me to the belief that many of the frameworks and automated scripts are likely to be flagged by antivirus/IDS. How I came to this conclusion? I've tried out many of the frameworks from Veil to Metasploit and although they are all incredibly useful and are by no means obsolete in their usage and potential they do end up being flagged A LOT by virus scanning. I do my scanning with scanners that are known not to share results, by the way.

That being said, I'm beginning to wonder if learning how to program will make the process of exploiting a system easier. My question is;
Will AV detect a program based on it's behaviour? If so, is it likely to flag any program which acts suspiciously? I'm aware that modern AV uses more than static detection and depends on heuristic analysis as well as sandboxing etc. So, how far does the knowledge of programming go towards developing and compiling something which is likely to evade AV detection? I mean, obviously it has to depend on certain factors like how well programmed your malware is and no doubt how obvious it is at performing certain actions etc.
Can anyone who develops/compiles their own code enlighten me on this area a little more? I've read articles online pertaining to highlight the advantages of coding your own programs and then executing them but I've found so far that none really give any sort of information on the advantage compared to using automated scripts and frameworks alone.

If I was to begin learning how to create a backdoor in Python, compared to an automated backdoor made in Metasploit or Veil, what are the chances of it being detected? Also, how would you factor in utilizing common evasion techniques like packing and crypting and file pumping etc when these tools are usually, from my knowledge anyway, likely to have been reverse engineered?

Thanks guys!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...