Hello people from 0x00 sec! I’m new here so if I haven’t categorized my question properly I apologize.
So my question was, how do people make FUD payloads in this day and age?
Obviously anti-virus’s and the like have figured out some of the old methods of encoding and so most don’t work anymore. I was told that creating a batch virus instead of an exe can bypass some restraints, but have yet to try it.
I didn’t write this up in a practical sense either, I’m just generally curious of how people make an FUD and any info would be appreciated ;p
Knowing how to create undetectable payloads naturally requires you to understand how anti-virus software works so if you do not understand this then it’s pretty hard to know what to do. I’d highly recommend you do some reading on not only this but also on how the Windows operating system works at a relatively low level, i.e. knowing the WinAPI, memory, special objects such as the registry, file formats, disassembly and debugging, etc.
I have a repository on the GitLab that has some resources on how anti-virus works and past methods discovered used in an attempt to defeat detection so if you wish to see them, register an account at https://gitlab.s-3.tech/ and then head over here: https://gitlab.s-3.tech/93aef0ce4dd141ece6f5/Resource-Dump/tree/master/Antivirus. If there are any issues accessing the repo, just message me your username and I will add you as a guest.
Discussion on this would be incredibly extensive which is probably better on a live chat medium such as our IRC at irc.0x00sec.org:6697+ where @Leeky and I are always actively discussing malware . If you just want to do it here then that is also fine.
I agree with @dtm , you have to understand how antivirus work and try to find a way to bypass it.
also good knowledge of windows api well help , for example I was using virtualalloc() function in my code and after days it was detected , I change it to NTvirtualalloc() , and it worked fine (FUD)
.Some people doesn’t know how the antivirus work ,but still they create FUD , but maybe they tried 10000 time , In the end if you want to create a FUD : Understand how the antivirus works,there is a book called “antivirus hackers’s handbook” it will help you.
. If you just want to do it here then that is also fine.
(
404)