Tools like veil-evasion have emerged in recent times that are capable of bypassing anti-virus solutions. These tools apply several advanced evasion techniques and generate polymorphic payloads to avoid signature-based detection. The following techniques are used to evade detection:
- Randomization of variable names and methods
- Encryption of source
- Native stagers (shellcode-less)
- Method nops (randomizing program’s call tree via dummy methods)
- Obfuscated loaders
Figure out solutions for better detection of each of these payload types.
Notes: For demonstration, generate payloads using veil-evasion, which is open source.
Sample Data Required: No
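As an added example, not part of this brief and not code from the veil-evasion project, the following Python scanner scores a script against the five techniques listed above: randomised identifiers, uncalled dummy methods (method nops), long near-uniform-entropy literals (encrypted source) and exec/eval fed from decode or decompress modules (obfuscated loaders). It assumes the payload under review is Python source; the thresholds are assumed heuristics and the SAMPLE input is constructed and is only parsed, never executed.

```python
import ast, math, re
from collections import Counter

VOWELS = set("aeiouAEIOU")
CODEC_MODULES = {"base64", "zlib", "marshal", "ctypes"}

def looks_random(name: str) -> bool:
    """Randomised identifiers have few vowels or long consonant runs (heuristic)."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio <= 0.2 or re.search(r"[b-df-hj-np-tv-z]{4}", name, re.I) is not None

def shannon_entropy(s: str) -> float:
    """Bits per character: English sits near 4, base64 ciphertext near 6."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def obfuscation_indicators(source: str) -> dict:
    """Score Python source against the five evasion techniques listed above."""
    nodes = list(ast.walk(ast.parse(source)))
    funcs = [n for n in nodes if isinstance(n, ast.FunctionDef)]
    name_calls = [n.func.id for n in nodes
                  if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)]
    idents = {f.name for f in funcs} | {n.arg for n in nodes if isinstance(n, ast.arg)}
    idents |= {n.id for n in nodes if isinstance(n, ast.Name)}
    strings = [n.value for n in nodes if isinstance(n, ast.Constant) and isinstance(n.value, str)]
    imports = {a.name.split(".")[0] for n in nodes if isinstance(n, ast.Import) for a in n.names}
    result = {
        "random_identifier_ratio": round(sum(map(looks_random, idents)) / max(len(idents), 1), 2),
        "uncalled_functions": sum(f.name not in name_calls for f in funcs),   # method nops
        "high_entropy_literals": sum(len(s) >= 64 and shannon_entropy(s) > 5.0 for s in strings),
        "exec_eval_calls": sum(c in ("exec", "eval") for c in name_calls),  # loader
        "codec_imports": len(imports & CODEC_MODULES),                      # loader
    }
    hits = (result["random_identifier_ratio"] >= 0.5, result["uncalled_functions"] > 0,
            result["high_entropy_literals"] > 0, result["exec_eval_calls"] > 0, result["codec_imports"] > 0)
    result["suspicious"] = sum(hits) >= 3   # assumed threshold: three of five indicators
    return result

# Constructed sample shaped like an obfuscated loader; parsed only, never run.
BLOB = "".join(chr(48 + i % 75) for i in range(150))  # 75 symbols, ~6.2 bits/char
SAMPLE = f'''
import base64, zlib
def XqzRtbWp(): return 7
def JkpLmTrv(Fbqztrk): return zlib.decompress(base64.b64decode(Fbqztrk))
Wnxcvbm = {BLOB!r}
exec(JkpLmTrv(Wnxcvbm))
'''
```

Run `obfuscation_indicators(SAMPLE)` to see all five indicators fire; a plain script such as a two-line `add` function scores zero on each.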