Posts tagged Antivirus

1 min Metasploit

Introducing Metasploit’s First Evasion Modules

Rapid7's Metasploit team is proud to announce we have released the first-ever antivirus evasion module in Metasploit Framework.

7 min Metasploit

Hiding Metasploit Shellcode to Evade Windows Defender

Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Penetration testers and red teamers suffer the most from this while using Metasploit [], which forced me to look into how to

7 min Haxmas

The Twelve Pains of Infosec

One of my favorite Christmas carols is the 12 Days of Christmas []. Back in the 90's, a satire of the song came out in the form of the 12 Pains of Christmas [], which had me rolling on the floor in laughter, and still does. Now that I am in information security, I decided it is time for a new satire, maybe this will start a new tradition, and so I am presenting, the 12 Pains of Infosec. ----------------------

5 min Antivirus

Finding and Protecting mission-critical assets with ControlsInsight

ControlsInsight helps organizations measure how well critical security controls are deployed and configured throughout the enterprise.   Yet, as hard you may try, it's extremely difficult to protect every asset on your network perfectly, and it's often necessary to prioritize "misson-critical" assets that store important or sensitive business data. Clearly, securing the laptop computer of Sally, the chief financial officer, is much more important than securing Joe the intern's laptop, which prob

3 min Antivirus

UserInsight's New User Statistics Provide Great Visibility for Incident Responders

Nate Silver made statistics sexy, and we're riding that wave. But seriously, breaking down some of the more noisy alerts on the network by users and showing you spikes can really help you detect and investigate unusual activity. That's why we've built a new UserInsight feature that shows you anti-virus alerts, vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users that show the most activity and enable you to dig in deeper by filtering by user. You can get to the new st

3 min Antivirus

Is AV dead? Why Symantec's executive is only half right about the state of anti-virus software

This week, a Symantec executive proclaimed that anti-virus is dead [] . Given the company's position in the AV market, it may be the most discussed comment coming from Symantec for some time; though in and of itself, I'm not sure the statement would elicit much of an argument from most security professionals.  Oh, except for the other AV vendors of course. For our own p

2 min Antivirus

Anti-Virus Evasion Makes Vulnerability Validation More Accurate

When think talk about anti-virus evasion, we mostly do so in the context of a penetration test: If the "bad guys" can evade AV solutions because they write custom payloads, then a penetration tester must do the same to simulate an attack. However, AV evasion is also critical to vulnerability validation []. While a full-scale penetration test looks for any way into the network, vulnerability validation surgically examines one vulner

3 min Antivirus

Won't Someone Think of The AV Vendors?

Got Too Many Shells? Since the release of Metasploit 4.9, have you, the dedicated and resourceful penetration tester, been having is problem with being too successful at skipping past the defender's detection efforts [/2014/03/26/new-metasploit-49-helps-evade-anti-virus-solutions-test-network-segmentation-and-increase-productivity-for-penetration-testers] ? Are you getting too many shells? Maybe you're getting a little embarrassed for the IT guys who are wondering what the heck just happened

2 min Antivirus

ControlsInsight...Controls discussed.

Rapid7 ControlsInsight [] allows organizations to quickly assess the deployment and configuration of 11 critical security controls from one platform; we'd like to take a brief look at these controls to discuss what they are and what they mean to the organization (Or as one of my professors was known to bark out at the end of a less than compelling presentation, "So what?")  Previous blogs have looked at unique password [/2013/10/29/the-controlsinsi

7 min Antivirus

12 Days of HaXmas: A Cat and Mouse Game Between Exploits and Antivirus

This post is the twelfth, and last, in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements in the Metasploit Framework over the course of 2013. In the final episode of 12 Days of HaXmas, we'll talk about the holy war between browser exploits vs antivirus. It will sound a little biased from time to time, but note that It is not meant to compare who is better -- I don't have the resources to compare the entire matrix of AV solutions [https://en.wikipedia.or

7 min Metasploit

PSExec Demystified

Multiple modules inside the Metasploit Framework bear the title PSExec, which may be confusing to some users. When someone simply refers to “the PSExec module”, they typically mean exploit/windows/smb/psexec, the original PSExec module. Other modules are more recent additions, and make use of the PSExec technique in other ways. Here's a quick overview of what these modules are for: Metasploit Module Purpose Comment exploit/windows/smb/psexec Evading anti-virus detection Service EXE

1 min Metasploit

Evading Anti-Virus Detection - Whiteboard Wednesday

In today's Whiteboard Wednesday, David Maloney [] explains anti-virus evasion techniques for Metasploit. In order to make the most of Metasploit pen testing techniques in delivering payloads, you need to be able to deliver those payloads without anti-virus flagging them. David walks us through a few examples on how to bypass anti-virus detection so you can easily pen test your systems. Watch the video here! [

8 min Metasploit

The Odd Couple: Metasploit and Antivirus Solutions

I hear a lot of questions concerning antivirus evasion with Metasploit, so I'd like to share some the information critical to understanding this problem. This blog post is not designed to give you surefire antivirus (AV) evasion techniques, but rather to help you understand the fundamentals of the issue. A Quick Glossary Before we begin, let's define a few terms. This will be important for understanding some of the things we will discuss. Payload: A payload is the actual code that is being del

3 min Metasploit

How to Fly Under the Radar of AV and IPS with Metasploit's Stealth Features

When conducting a penetration testing assignment, one objective may be to get into the network without tripping any of the alarms, such as IDS/IPS or anti-virus. Enterprises typically add this to the requirements to test if their defenses are good enough to detect an advanced attacker. Here's how you can make sure you can sneak in and out without "getting caught". Scan speed First of all, bear in mind that you'll want to slow down your initial network scan so you don't raise suspicion by crea

1 min Antivirus

Become invisible to anti-virus protection

Wouldn't it be fantastic to be invisible for a day? Walk straight into a bank vault in the morning, be a fly on the wall in the Oval Office for lunch, and spend an evening in your favorite movie star's house. Well, now you can - with Metasploit! We tested our Metasploit invisibility cloak on a field day recently. Our venue of choice: an anti-virus test lab. The goal was to test how well Metasploit's anti-virus protection would hold up against the most recent versions of the world's top ten a