Malware on Steroids Part 4: Defender and Symantec Endpoint Protection Evasion

So, this blog post is just going to be a rant about the comments on Twitter that I was facing regarding Windows Defender and Symantec Endpoint Protection evasion. You can find the tweet here:

So, since a lot of people thought that I could not evade antivirus by using an SSL certificate to sign the code, I decided to upload this short video, along with a brief narration of what I am doing, to prove that code signing with SSL spoofing can be used to evade antivirus.

I used this method to evade Windows Defender and Symantec Endpoint Protection, both of which rely heavily on machine learning. Below is the PoC for the same. Enjoy!

|| OSCP || Malware Analyst/Researcher || Antivirus Evader || Threat Hunter || Martial Artist ||


4 comments

  1. Wow~ Your article is well explained and easy to understand. Awesome. Could the next blog post be written about a kernel exploit, a rootkit, or cryptography?

    1. Yes. I am on my way to writing a post on building rootkits and kernel exploits! It will be posted once I complete the shellcoding part!

  2. Paranoid Ninja, could you teach us about cryptocurrency mining malware in a new post?
    It would be very interesting!
    These posts are really good.
    Nice job.
