40 replies

Hiding keylogger from antivirus

I have a keylogger that I’ve been testing on myself and asked a buddy to test it too on a vm (I told him of course what it was) but antivirus flags it upon download and prevents it. Is there any way to prevent antivirus flagging it/going undetected without turning off antivirus ? I had my friend try it and the download cancels due to the antivirus

w33t•12/17/22, 1:22 AM

Is this a keylogger that you've written yourself?

Uurgent-maroon Is this a keylogger that you've written yourself?

efficient-indigoOP•12/18/22, 2:58 AM

Nope, downloaded

efficient-indigoOP•12/18/22, 2:58 AM

However

efficient-indigoOP•12/18/22, 2:59 AM

I’ve just recently went on a video and gotten someones source code

efficient-indigoOP•12/18/22, 2:59 AM

So now I have one I can actually edit I guess

w33t•12/18/22, 3:07 AM

I have to ask what the purpose of this is. Is it just something to learn or are you intending to deploy it?

Uurgent-maroon I have to ask what the purpose of this is. Is it just something to learn or are ...

efficient-indigoOP•12/18/22, 9:20 PM

Learn/deploy. However it will go on a device I have purchased myself which afaik is legal

FFern Learn/deploy. However it will go on a device I have purchased myself which afaik...

w33t•12/18/22, 11:21 PM

Good to hear. There's a very fine line between doing something to learn, which I love and encourage and doing something with malicious intent, which we don't support here.

As far as that keylogger goes, if it's something already compiled, there really isn't anything you can do for AV evasion. Its hash is likely already well-known and the behavior heuristically is probably well-known too.

Your best bet is writing it yourself and then using obfuscation and AV evasion techniques.

https://www.hivepro.com/antivirus-evasion-techniques/
https://infosecwriteups.com/antivirus-evasion-26a30f072f76?gi=bb1375e52658
https://resources.infosecinstitute.com/topic/antivirus-evasion-tools/

Hive Pro

AntiVirus Evasion Techniques - Hive Pro

Antivirus software looks for, detects, and eliminates viruses as well as other harmful software such as worms, trojans, adware, and others. Such programs are intended to be used as a preventative measure in cyber security, preventing threats from entering your computer and causing harm.

Medium

Antivirus Evasion — Part 1

An Antivirus, by definition, is a software program used to prevent, detect, and eliminate malware and viruses. AVs in general use…

Infosec Resources

Antivirus evasion tools [updated 2021] | Infosec Resources

Often during our penetration testing engagements, we may have to bypass antivirus applications – especially during the post exploitation phase to execute

ordinary-sapphire•12/31/22, 2:10 AM

@final_fantasy7 to bypass av first you must know a bit about it. You have to know a few things about the target (yourself), making malware is an art and there are a lot that goes into it. I suggest trying to learn the whole process before you get started. Some of the things I suggest researching are:
Lockheed Martin kill chain (planning)
Networking(how are you gonna receive the keystrokes how does it work)
A little bit of python (your not going to need the full language)
Git (useful career skill)
How to exit vim (lol)

ordinary-sapphire•12/31/22, 2:10 AM

Idk I’m not an expert and I just started

ordinary-sapphire•12/31/22, 2:11 AM

Learning how to google efficiently is also important

ordinary-sapphire•12/31/22, 2:11 AM

It’s bad if you have to rely on the activity of discord or whatevwr

ordinary-sapphire•12/31/22, 2:11 AM

A lot of people that just start always do that and it’s not a good trait to have

ordinary-sapphire•12/31/22, 2:13 AM

Av detects in a few ways and it will change your attack vector

ordinary-sapphire•12/31/22, 2:15 AM

Is it a one time virus or will it passively take in keystrokes

ordinary-sapphire•12/31/22, 2:15 AM

Don’t do bad stuff with your software it’s not worth it you’d make more money at McDonald’s

ordinary-sapphire•12/31/22, 2:17 AM

Depending on what your software does and your exploitation phase depends on how you will code it and before you start you have to have everything planned out and if you have to change your plan it’s not a good one

ordinary-sapphire•12/31/22, 2:18 AM

One thing that I should do more of is documentation, it’s a good skill to write down EVERYTHING and I mean everything that you do and is something that I wish I did when I first started but it’s only been like a year since I started cybersecurity and I haven’t even really done anything and the stuff that I have done I have deleted so do what you want but this is just my advice

ordinary-sapphire•12/31/22, 2:21 AM

I know documentation will help me later on

ordinary-sapphire•12/31/22, 2:21 AM

If I do decide to do cybersecurity

ordinary-sapphire•12/31/22, 2:22 AM

I’m pretty good at talking about things I know nothing about lmao

w33t•12/31/22, 3:22 AM

https://tenor.com/view/wait-a-minute-wait-what-confused-gif-15074314

Tenor

ordinary-sapphire•12/31/22, 3:24 AM

Did I say anything wrong

w33t•12/31/22, 3:25 AM

Not inherently, it's just a weird way to join a server. A wall of incoherent rambling lmfao.

ordinary-sapphire•12/31/22, 3:26 AM

w33t•12/31/22, 3:26 AM

I don't think the lockheed martin kill chain really applies to AV evasion, though. It's a framework to outline attack methodology. AV evasion is something you tie into your tool, if that makes sense.

ordinary-sapphire•12/31/22, 3:29 AM

You can’t rlly do anything with it without knowing the kill chain

ordinary-sapphire•12/31/22, 3:29 AM

Ig it doesn’t matter if it’s only for yourself

ordinary-sapphire•12/31/22, 3:29 AM

Wich it should be

w33t•12/31/22, 3:30 AM

I can guarantee the kids that broke into Uber don't know the kill chain lmfao

ordinary-sapphire•12/31/22, 3:30 AM

He used social engineering tho right

ordinary-sapphire•12/31/22, 3:30 AM

Not malware

w33t•12/31/22, 3:30 AM

That falls within the kill chain...

w33t•12/31/22, 3:31 AM

It's a framework lol

w33t•12/31/22, 3:31 AM

Like ITIL

ordinary-sapphire•12/31/22, 3:32 AM

Ye ur right

ordinary-sapphire•12/31/22, 3:32 AM

It’s still a good thing to learn and helps a bit with basic knowledge towards general problem solving skills

ordinary-sapphire•12/31/22, 3:37 AM

I have a mountain I need to climb 1. what equipment will I need (climb axe or wtv they use)
2. How will I use this equipment
3. I am now using the equipment what places will I put the axe
4. I’m using the axe now and I’m going up the mountain
5. I’m at the top how will I sleep
6. I need to tell people I’m ok and made it
7. I’m up here ppl know I’m good and now I can go down

ordinary-sapphire•12/31/22, 3:37 AM

Pretty bad analogy

ordinary-sapphire•12/31/22, 3:37 AM

Idk

Hiding keylogger from antivirus

Similar Threads

Similar Threads

Similar Threads