Tuesday, February 27, 2018
Veil Framework (III): Evasion -> AES (encryption) -> Msfvenom
ANTIVIRUS EVASION / Veil Framework (III): Evasion -> AES (encryption) -> Msfvenom
- Layout for this exercise:
- The goal of this exercise is to achieve a reasonably good rate of antivirus evasion using the Veil Framework with Evasion, AES (encryption) and Msfvenom.
1 - Veil-Evasion with AES and Msfvenom
- Launching the program:
- Listing the available tools:
- Using Evasion:
- Listing Evasion payloads:
- Let's take payload number 29, which is an AES-encrypted Python injection script:
- Generating the payload:
- Using MSFVenom:
- Entering the name test2.exe:
- Using Pyinstaller:
- The Veil files are created and stored in these folders:
2 - Setting up a Metasploit handler session on Kali Linux
- Using the newly created test2.rc as a reference file, Msfconsole opens a handler session:
3 - Running the .exe file on the victim Windows 10
- Establishing a simple web server on Kali Linux:
- Accessing test2.exe and downloading it to Windows 10:
- Running test2.exe:
- A successful Meterpreter session is created:
4 - Checking the Anti Virus evasion rate
- Checking test2.exe against VirusTotal, a rate of 60.3% evasion success is achieved:
- Checking test2.exe against No Distribute, a rate of 67.5% evasion success is achieved:
- Clearly, the use of encryption when generating the payload improves the success rate of antivirus evasion.
Veil Framework (II): Evasion (no encryption / no encoding)
ANTIVIRUS EVASION / Veil Framework (II): Evasion (no encryption / no encoding)
- Layout for this exercise:
- The goal of this exercise is to check the rate of antivirus evasion success using the Veil Framework with Evasion.
- The success rate will be good, even though in this simple exercise we aren't using encryption or encoding for the generated payload.
- In the next exercises the success rate will be improved, because encryption and encoding will be used.
1 - Generating a payload with Veil-Evasion
- Launching the program:
- Listing the available tools:
- Using Evasion:
- Listing Evasion payloads:
- Taking payload number 7, a Meterpreter reverse shellcode:
- Setting Kali Linux as LHOST:
- Generating the payload:
- Giving it the name test1.exe:
- The Veil files are created and stored in these folders:
2 - Launching the attack
- The generated executable test1.exe is here:
- Setting up a simple web server:
- Transferring the file to the victim Windows 10:
- The reference file test1.rc is here:
- A handler session is created by launching Metasploit with test1.rc as the reference file:
- Running test1.exe on Windows 10:
- The attack is successful and a Meterpreter session is achieved:
3 - Checking the Anti Virus evasion rate
- Checking test1.exe against VirusTotal, a rate of 59% evasion success is achieved:
- Checking test1.exe against No Distribute, a rate of 56.7% evasion success is achieved:
Veil Framework (I): Installation and Setup
ANTIVIRUS EVASION / Veil Framework (I): Installation and Setup
- Layout for this exercise:
1 - Introduction to Veil Framework
- The Veil Framework is a collection of security tools that implement various attack methods focused on evading antivirus detection.
https://www.veil-framework.com/framework/
https://github.com/Veil-Framework
- The most recent version at the time of writing (Veil 3.1.4) is composed of these tools:
a) Evasion generates payload executables that bypass common antivirus solutions.
b) Ordnance quickly generates Metasploit stager shellcode.
2 - Installing Veil Framework
- In this exercise we are using a Kali Linux distribution.
- In case git is not installed:
- From the Veil GitHub page, copying the repository URL to the clipboard:
- Cloning:
- A new directory Veil is created:
- Setting up the framework:
3 - Browsing Veil Framework options
- Launching the program:
- Veil provides some commands. For instance, the command list displays the two available tools, Evasion and Ordnance:
4 - Evasion
- Choosing Evasion:
- Listing the 41 Evasion payloads:
......................... etc ............................................................
5 - Ordnance
- Choosing Ordnance:
- Listing Ordnance payloads:
- Listing the Ordnance encoder (XOR):