Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Techniques for the manipulation of malicious payloads to improve evasion

Security researchers at the iSwatlab have conducted an analysis of a few methods for the creation of some malicious payloads or shellcodes. This work compares some infamous methods for the creation of malicious payloads or shellcodes. These payloads must be used to create a remote connection between the victim’s machine and the attacker’s machine that […]

Security researchers at the iSwatlab have conducted an analysis of a few methods for the creation of some malicious payloads or shellcodes.

This work compares some infamous methods for the creation of malicious payloads or shellcodes. These payloads must be used to create a remote connection between the victim’s machine and the attacker’s machine that wants to listen and, once a connection is successfully established, obtain sensitive information or make an attack to that user. Their creation was made by using some free tools, running on a Kali Linux machine, that are:

  • Metasploit
  • Veil framework
  • TheFatRat

This comparison is made according to the capability of malicious payloads in bypassing default security systems available on Windows machines and antivirus systems on the market, looking for a way to obtain a payload that manages to be invisible simultaneously to several security systems. Security systems embedded on Windows that have been used and tested for this work are:

  • Windows Defender
  • Windows Firewall
  • Windows SmartScreen

Online scanners have been also used, which perform a check of created files using multiple antivirus engines simultaneously. Scanners then used in this work were:

  • OPSWAT Metadefender
  • Scan4you/Poison Scanner

For each of the used tools, the following table shows the best results obtained by malicious payload creation. Remember that to obtain a good result means being able to bypass Windows security systems (denoted as “Yes” or “No” in the table) and some online scanners (denoted in the table by the number of antivirus solutions which recognize malicious payload on the total number of executed antivirus).

malicious payloads manipulation

(* – Windows SmartScreen can block malicious payload if it is downloaded from the Internet; otherwise, Windows SmartScreen not considers it as malicious)

malicious payloads manipulation

In this report, configured systems for payloads production and testing will be briefly introduced, as well as, to show and to discuss the results from different methodologies trying to create a FUD (fully undetectable) backdoor.

Enjoy the report!

About the Author Prof Corrado Aaron Visaggio

aaron-visaggioCorrado Aaron Visaggio is an assistant professor of Software Security of the MsC in Computer Engineering at the University of Sannio, Italy. He obtained the PhD in computer engineering aWashingsity of Sannio (Italy). His research interests include malware analysis, software security,code assessment, and data privacy. He is the author of more than 70 papers published in international journals, international and national conference proceedings, and books. 
He is responsible of the ISWATLAB a laboratory on Software Security research at the University of Sannio. 
He is member of the CINI CyberSecurity Lab. member of the CINI CyberSecurity Lab. member of the CINI CyberSecurity Lab. 
He is member of the European CyberSecurity Organization at EU.member of the European CyberSecurity Organization at EU.member of the European CyberSecurity Organization at EU.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – malicious payloads, malware)

[adrotate banner=”13″]