Bypassing Antivirus: With Understanding Comes Ease - SANS@Mic

  • Wednesday, 09 Dec 2020 7:30PM CST (10 Dec 2020 01:30 UTC)
  • Speaker: Jeff McJunkin

The job of a penetration tester is to emulate real-world, realistic adversaries to compromise the client, and explain the business risks of the technical findings. Those pesky real-world adversaries bypass AV all the time, even with essentially the same malware, over and over.

How do they do it? Simple. By understanding what traps AV is setting, you can step around, jump over, or disable those traps before sauntering to your destination unhindered. I can't help with your saunter, but I can help you understand and bypass AV using arbitrary payloads (whether Cobalt Strike, Metasploit, Covenant, Mystic, SILENTTRINITY, or whichever) in many ways, all in less than an hour.