Original link
http://tipstrickshack.blogspot.com/2013/10/list-of-differnet-av-evasion-frameworks.html
Translating the title literally as "AV evasion frameworks" feels pretty awkward.
//————————————————————————————-
These mainly target AV evasion for payloads generated by Msf. Evading every AV is not required; it is enough to evade at least one specific AV.
0x01 Veil
Written in Python; a new payload is released on the 15th of each month.
https://github.com/Veil-Framework/Veil-Evasion
0x02 AVoid
https://github.com/nccgroup/metasploitavevasion/
0x03 Syringe
https://syringe-antivirus-bypass.googlecode.com
0x04 Shellcodeexec
https://github.com/inquisb/shellcodeexec
0x05 Hyperion
http://nullsecurity.net/tools/
0x06 Crypter.Py
http://home.base.be/%72%68%69%6e%63%6b%78%74/script.zip
0x07 Brute-Force AV Evasion
https://raw.github.com/obscuresec/random/master/GenPayloads.py
0x08 Finding Simple AV Signatures With PowerShell
http://www.obscuresecurity.blogspot.in/2012/12/finding-simple-av-signatures-with.html
Specifically for dealing with signature-based AV.
0x09 Powershell
AV bypass tricks using Psm
http://tipstrickshack.blogspot.com/2013/08/bypass-av-using-powershell-method-using.html
http://pentesterscript.wordpress.com/2013/10/15/get-shell-using-powersploit/
http://tipstrickshack.blogspot.com/2014/01/deliver-powershell-payload-using-macro.html
0x10 Get Shell Using VB Script
Borrow a few of Msf's tricks for infecting Word and Excel documents and use them with your own payload.
http://tipstrickshack.blogspot.com/2013/10/get-shell-using-shellcode-in-macro.html
0x11 Ghost Writing ASM
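Mainly uses Metasm to compile the bin generated by Msf, adding some junk code to it along the way.
(That said, when I generated it with FASM, Avira flagged it no matter what… the PE header…)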
http://www.pentestgeek.com/2012/01/25/using-metasm-to-avoid-antivirus-detection-ghost-writing-asm
0x12 Different Pivoting Technique To Bypass AV
Various pivot techniques:
http://tipstrickshack.blogspot.com/2014/02/how-to-install-and-use-veil-catapult-in.html
http://www.pentestgeek.com/2013/10/23/smbexec-2-0-released/
http://bernardodamele.blogspot.com/2009/12/keimpx-in-action.html
https://code.google.com/p/passing-the-hash/
Metasploit modules: powershell_psexec, psexec_psh, psexec_command