Hiding keylogger from antivirus
I have a keylogger that I've been testing on myself and asked a buddy to test it too on a VM (I told him of course what it was), but antivirus flags it upon download and prevents it. Is there any way to prevent antivirus flagging it/going undetected without turning off antivirus? I had my friend try it and the download cancels due to the antivirus.
16 Replies
Is this a keylogger that you've written yourself?
Nope, downloaded
However
I've just recently gone to a video and gotten someone's source code
So now I have one I can actually edit I guess
I have to ask what the purpose of this is. Is it just something to learn or are you intending to deploy it?
Learn/deploy. However it will go on a device I have purchased myself which afaik is legal
Good to hear. There's a very fine line between doing something to learn, which I love and encourage and doing something with malicious intent, which we don't support here.
As far as that keylogger goes, if it's something already compiled, there really isn't anything you can do for AV evasion. Its hash is likely already well-known and the behavior heuristically is probably well-known too.
Your best bet is writing it yourself and then using obfuscation and AV evasion techniques.
https://www.hivepro.com/antivirus-evasion-techniques/
https://infosecwriteups.com/antivirus-evasion-26a30f072f76?gi=bb1375e52658
https://resources.infosecinstitute.com/topic/antivirus-evasion-tools/
@final_fantasy7 to bypass AV first you must know a bit about it. You have to know a few things about the target (yourself); making malware is an art and there is a lot that goes into it. I suggest trying to learn the whole process before you get started. Some of the things I suggest researching are:
Lockheed Martin kill chain (planning)
Networking (how are you going to receive the keystrokes, how does it work)
A little bit of Python (you're not going to need the full language)
Git (useful career skill)
How to exit vim (lol)
Idk I’m not an expert and I just started
Learning how to google efficiently is also important
It's bad if you have to rely on the activity of Discord or whatever
A lot of people that just start always do that and it’s not a good trait to have
AV detects in a few ways and it will change your attack vector
Is it a one time virus or will it passively take in keystrokes
Don’t do bad stuff with your software it’s not worth it you’d make more money at McDonald’s
Depending on what your software does and your exploitation phase, that determines how you will code it, and before you start you have to have everything planned out; if you have to change your plan, it's not a good one.
One thing that I should do more of is documentation. It's a good skill to write down EVERYTHING, and I mean everything, that you do, and it's something that I wish I did when I first started. But it's only been like a year since I started cybersecurity and I haven't even really done anything, and the stuff that I have done I have deleted, so do what you want, but this is just my advice.
I know documentation will help me later on
If I do decide to do cybersecurity
I’m pretty good at talking about things I know nothing about lmao
Did I say anything wrong
Not inherently, it's just a weird way to join a server. A wall of incoherent rambling lmfao.
😢
I don't think the lockheed martin kill chain really applies to AV evasion, though. It's a framework to outline attack methodology. AV evasion is something you tie into your tool, if that makes sense.
You can't really do anything with it without knowing the kill chain
Ig it doesn’t matter if it’s only for yourself
Which it should be
I can guarantee the kids that broke into Uber don't know the kill chain lmfao
He used social engineering tho right
Not malware
That falls within the kill chain...
It's a framework lol
Like ITIL
Yeah, you're right
It’s still a good thing to learn and helps a bit with basic knowledge towards general problem solving skills
I have a mountain I need to climb:
1. What equipment will I need (climbing axe or whatever they use)
2. How will I use this equipment
3. I am now using the equipment; what places will I put the axe
4. I'm using the axe now and I'm going up the mountain
5. I'm at the top; how will I sleep
6. I need to tell people I'm ok and made it
7. I'm up here, people know I'm good, and now I can go down
Pretty bad analogy
Idk