DeadlyCoderr / deadlybug

Quick project made in C# to check for viruses and injections.


DeadlyBug | By DeadlyCoderr

Download:

Windows: Download

Some features

  • when running a .exe file made with msfpayload and similar tools, the file will often be recognized by antivirus software
  • AVET is an antivirus evasion tool targeting Windows machines with executable files
  • different kinds of input payloads can be used: shellcode, exe and dll
  • more techniques available: shellcode/dll injection, process hollowing and more
  • flexible retrieval methods for the payload, decryption key, etc.
  • usage as a dropper
  • chaining multiple iterations of AVET lets you add multiple evasion layers, if necessary
  • combination of techniques: download your encrypted payload via PowerShell, supply the decryption key via a command line argument at execution time, and finally inject your payload into another process, choosing from multiple techniques
  • basic sandbox checks
  • generation of adversarial examples against static detectors based on machine learning
  • execute all available build scripts with build_script_tester.py; this might also be interesting for researchers building a set of "malicious" samples that use different evasion and injection techniques

Important Note

Not all techniques will evade every AV engine. If one technique or build script does not work, test another one. Feel free to experiment! After all, this is a toolbox, but you have to wield the hammer yourself.

Installation

These installation instructions apply to Kali 64-bit and tdm-gcc.

You can use the setup script:

./setup.sh

This should automatically get you started by installing and configuring wine and installing tdm-gcc. You will briefly have to click through the tdm-gcc installer GUI, though; the standard settings should be fine. The script will also ask whether you want to install AVET's dependencies, which are needed by some of the build scripts. The fetched dependencies are placed in separate folders next to the avet folder.

Dependencies will grab the latest releases of:

If for whatever reason you want to install wine and tdm-gcc manually:

Docker

If you are not using Kali or do not want to install Metasploit on your system, you can use the Docker container instead. The container encapsulates Metasploit and AVET, and the generated samples are written to your current directory, which is mounted into the container. It is also possible to use a graphical text editor like gedit from inside the container, as the run command below forwards your X display.

Building the container:

sudo docker build -t avet:v0.1 .

Usage:

sudo docker run -it --net=host --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" -v "$(pwd)":/tools/avet/output avet:v0.1 /bin/bash

For a better experience it is recommended to alias this.

# In your .bash_profile, .bashrc or .bash_aliases
# The image tag must match the one used in the build step above (avet:v0.1);
# a bare "avet" would look for avet:latest, which the build command does not create.

alias avet='sudo docker run -it --net=host --env="DISPLAY" --volume="$HOME/.Xauthority:/root/.Xauthority:rw" -v "$(pwd)":/tools/avet/output avet:v0.1 /bin/bash'
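A plain alias gives no feedback when something is missing: the image has not been built, DISPLAY is unset, the .Xauthority file does not exist, or the output directory is not writable, and the container is left behind after you exit. The following wrapper is an added example and not part of the AVET project; it uses the image tag avet:v0.1 and the mount point /tools/avet/output from the commands above, assumes bash (for arrays), and adds --rm so each session is discarded on exit. The function and variable names (AVET_IMAGE, avet_docker_args, avet_check, avet) are this example's own.

```bash
#!/usr/bin/env bash
# Added example wrapper around the documented `docker run` line for the AVET
# container. Not project code; image tag and mount point match the README above.

# Image tag produced by: sudo docker build -t avet:v0.1 .   (override via env)
AVET_IMAGE="${AVET_IMAGE:-avet:v0.1}"

# Print the docker arguments one per line. Keeping this separate from the
# actual `docker` call makes the invocation inspectable (and testable) on a
# machine without Docker, and avoids word-splitting bugs with paths that
# contain spaces, since the caller reads the lines into an array.
avet_docker_args() {
    outdir="$1"
    printf '%s\n' \
        run -it --rm --net=host \
        "--env=DISPLAY=${DISPLAY:-}" \
        "--volume=${HOME:-/root}/.Xauthority:/root/.Xauthority:rw" \
        "--volume=${outdir}:/tools/avet/output" \
        "$AVET_IMAGE" /bin/bash
}

# Preflight checks. Returns 1 only for the hard failure (unusable output
# directory); the X-related problems are warnings because AVET's build
# scripts work fine without a GUI editor.
avet_check() {
    outdir="$1"
    if [ ! -d "$outdir" ] || [ ! -w "$outdir" ]; then
        echo "avet: output directory not writable: $outdir" >&2
        return 1
    fi
    [ -n "${DISPLAY:-}" ] || \
        echo "avet: warning: DISPLAY is unset, graphical editors inside the container will not work" >&2
    [ -f "${HOME:-/root}/.Xauthority" ] || \
        echo "avet: warning: ${HOME:-/root}/.Xauthority not found, X forwarding will fail" >&2
    return 0
}

# Usage: avet [output-dir]   (defaults to the current directory, like the alias)
avet() {
    outdir="${1:-$PWD}"
    avet_check "$outdir" || return 1
    if ! docker image inspect "$AVET_IMAGE" >/dev/null 2>&1; then
        echo "avet: image $AVET_IMAGE not found; build it first: sudo docker build -t $AVET_IMAGE ." >&2
        return 1
    fi
    local -a args
    mapfile -t args < <(avet_docker_args "$outdir")
    sudo docker "${args[@]}"
}
```

Source the file from .bashrc instead of defining the alias, then call `avet` or `avet /path/to/output`. Because the samples land in the mounted directory, pick an output directory outside any folder synced to cloud storage or scanned by an endpoint agent, or the generated executables will be quarantined as soon as they are written.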
