> Bypass Antivirus Software ## Methods of Detecting Malicious Code ## Bypassing Antivirus Detection ### On-Disk Evasion 1. Packers Generate smaller, functional equivalent and completely new binary stucture. New Signature. 2. Obfuscators Replacing instructions with semantically equivalent ones, inserting irrelevant instructions, and dead code. Splitting and reordering functions. 3. Crypters Cryptographically alter executable code, adding a decrypting stub to restore original code upon execution. Decryption happens in memory, leaving encrypted code on disk. 4. Software Protectors ### In-Memory Evasion Doesn't write any code to disk. #### Remote Process Memory Injection Allocate memory in some valid PE that's not malicious. Copy malicious payload to newly allocated memory. #### Reflective DLL Injection #### Process Hollowing Launch non-malicous process in suspended state. Image of process removed from memory and replaced with malicous image. Then resume process and execute malicous code. #### Inline Hooking Modifying memory to redirect code execution to point to malicous code in a modified function . Flow will return to modified function and resume execution. ## Shellter Shell code injection tool. Most popular free tool bypassing AV software. ```bash sudo apt install shellter sudo shellter ```