Encapsulating Antivirus (AV) Evasion Techniques in Metasploit Framework


Antivirus has long been considered the first line of defense when malicious actors attempt to compromise a target machine, but it is not a silver bullet for defending against cyberattacks—particularly when new vulnerabilities are discovered and exploited. Rapid7’s Metasploit team has been researching techniques to evade common antivirus products so the broader security community can boost their security defenses by better anticipating and mitigating these approaches.

Overview

Rapid7’s Metasploit team has introduced several new capabilities into Metasploit to support antivirus evasion, including a code randomization framework, novel antivirus emulation-detecting code, encoding and encrypting routines, and a new evasion module type to make it easy to add further evasion techniques into Metasploit.

These capabilities help module developers and users build solutions for penetration testers who are pushing the boundaries of customer defenses, assist researchers and developers in improving and testing defensive tools, and enable IT professionals to more effectively illustrate evolving attacker techniques.

In this whitepaper, we offer details of the engineering work that underpins Metasploit’s new evasion capabilities, as well as example code for creating an evasion module yourself.


Evade antivirus products, not knowledge: Check out the full whitepaper.

Read now

Have attackers evaded your antivirus solution?

Know if you’ve been compromised with InsightIDR, Rapid7's incident detection and response solution.