Summary
In this chapter, we explored techniques for evading detection by AV and EDR systems during pentests, focusing on Bash shell scripting. We covered methods for gathering information about the security environment, basic and advanced obfuscation techniques, and strategies for automating the generation of evasive scripts.
We learned how to use Bash commands to identify installed security software and active monitoring processes. We examined various obfuscation methods, including variable name obfuscation, command substitution, and encoding techniques. We also covered advanced evasion tactics such as timing-based evasion and transferring data using DNS. Finally, we discussed the development of a framework for generating obfuscated Bash scripts and testing their effectiveness against common AV and EDR solutions.
The value of these techniques will become apparent as more stakeholders install endpoint protection agents on Linux systems. This will make it more difficult to pentest...
