Finding Simple AV Signatures with PowerShell

By | January 10, 2013

Source: obscuresecurity.blogpost.com

In this article: “As a penetration tester, one of the best methods of dealing with antivirus products is to avoid them altogether. Most AV products work by analyzing binaries that have been written to the disk. If you don’t write a PE (i.e. exe, dll, etc…) to the hard drive, you don’t have to worry about the majority of AV products. This is typically accomplished by utilizing memory-resident tools such as Meterpreter executed with the Inject-Shellcode PowerShell script.”