So, this post is just going to be a rant about the comments I was getting on Twitter regarding my Windows Defender and Symantec Endpoint Protection evasion. You can find the tweet here:
Wrote a new tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux. https://t.co/oqrKueCBlE
🤟🤟🤟#ScriptDotSh #Pentesting #Antivirus #Malware #Spoofing pic.twitter.com/cUwIoUfmFM
— ParanoidNinja (@NinjaParanoid) October 27, 2018
So, since a lot of people thought that I cannot evade antivirus by using an SSL certificate to sign the code, I decided to upload this short video, along with a short narration of what I am doing, to prove that code signing with SSL spoofing can be used to evade antivirus.
I used this method to evade Windows Defender and Symantec Endpoint Protection, both of which are focused on machine learning. The PoC is below. Enjoy!
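To show what a defender should check for binaries signed this way, here is an added PowerShell example (my own, not from the post or the tool it describes): a certificate generated locally to mimic a website's identity cannot chain to a trusted root, so Get-AuthenticodeSignature reports a Status other than 'Valid' for it even though the file is "signed". The scan path is an assumption.

```powershell
# Added example, not part of the original post: list PE files that carry an
# Authenticode signature which does NOT chain to a trusted root. A locally
# generated certificate that copies a website's subject name is still untrusted
# (typically Status 'UnknownError' with a root-not-trusted message), so the
# presence of a signature or a familiar-looking publisher name proves nothing.
param(
    [string]$Path = 'C:\Users\Public\Downloads'   # assumed scan root; adjust as needed
)

Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File          = $_.FullName
            Status        = $sig.Status
            StatusMessage = $sig.StatusMessage
            Subject       = $sig.SignerCertificate.Subject
            Issuer        = $sig.SignerCertificate.Issuer
            # Subject equal to Issuer means the certificate signed itself.
            SelfSigned    = ($null -ne $sig.SignerCertificate -and
                             $sig.SignerCertificate.Subject -eq $sig.SignerCertificate.Issuer)
        }
    } |
    # Keep only signed-but-untrusted files; unsigned files are a separate question.
    Where-Object { $_.Status -ne 'Valid' -and $_.Status -ne 'NotSigned' } |
    Format-Table -AutoSize
```

The point for detection is to key on chain validity (Status and Issuer), not on whether a signature or a plausible Subject is present.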