Antivirus Evasion with Python

When deploying defense-in-depth security controls for your organization, you are likely to include antivirus as part of the solution. That is a good practice, as long as you keep in mind that antivirus only adds one extra layer of protection and should never be the sole control protecting end-user devices.

A good security program should always include additional defense-in-depth controls such as software update governance, firewalls, security awareness training, physical security, identity management, password policy, and so on. However, it is not uncommon for a security engineer to be challenged on the need for those extra layers, and you may need to demonstrate how easily antivirus can be bypassed to make the point.

In this article we present a straightforward tutorial on evading antivirus on a fully patched and updated Windows environment using a Python payload.

Keep in mind that antivirus bypass is a cat-and-mouse game. Whenever a new evasion technique becomes popular, antivirus vendors eventually learn about it and update their signature databases to block it. New evasion techniques then arise, vendors add those to their signature databases as well, and the cycle repeats. A technique that works today should therefore be re-tested before it is relied on in a demonstration.

At the time of this writing, the method described here was used to bypass every vendor engine available on VirusTotal, and the resulting artifact executed successfully on a fully updated Windows 10 machine with Windows Defender enabled. Note that a clean VirusTotal result only reflects the static and basic dynamic checks those engines perform on an uploaded sample; it does not guarantee the same result against a vendor's full endpoint product with behavioral monitoring and cloud lookups enabled, which is why the payload was also executed on a live Windows 10 host.

The full write-up is available on medium.com.
