The goal is to obtain remote code execution on machine through, e.g.,:
- phishing
- physical transfer of file
- Top 5 ways to breach the external perimeter
- External engagement through spear-phishing
- AV/EDR Bypass for Mimikatz
- Malware Development
To test virus/backdoor/payload without pushing files to virustotal:
These DO NOT CHECK encrypted/payload files on scanners such as:
- novirusthanks.org
- virustotal.com
- virusscan.jotti.org
- virscan.org
- metascan-online.com
- www.virusimune.com.br
To dynamically run an executable without using our own machine, we can use the following online service:
We can go on eicar.com, to have a baseline of antivirus detection.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Test string https://spamassassin.apache.org/gtube/gtube.txt
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34XSplits a file until it finds out which byte sections are flagged by Windows Defender. DefenderCheck
A list of lolbins with description: Lolbins
- unicorn
- the fatrat
https://raw.githubusercontent.com/kmkz/Pentesting/master/AV_Evasion/AV_Bypass.ps1
https://github.com/gnebbia/Pentesting
https://arty-hlr.com/blog/2021/05/06/how-to-bypass-defender/
And look into: ./malware_dev/