Ready to Start Your Career?
By: gazzwalker
February 2, 2017
Antivirus Evading Payloads: An Introduction to Veil-Evasion
By: gazzwalker
February 2, 2017
Estimated reading time: 2 minutesHi All,The following article is intended as a brief introduction to the Veil-Evasion tool. This is part of the Veil-Framework was created by Chris Truncer. The Evasion tool is used to generate a range of different payloads with the ability to circumvent standard endpoint antivirus. Similar to polymorphic malware, Veil-Evasion creates a unique payload for which no signature should exist and can, therefore evade anti-virus. This gives it a distinct advantage over other payload generators. The following example provides a brief overview of generating a payload.* Vail-Evasion is available from; https://github.com/Veil-Framework/Veil-Evasion *Step 1. Once installed on Kali launch Veil-Evasion by running “Veil-Evasion.py”. 
Step 2. Select a payload by entering its associated number (use "list" to view all options).
For this example, option 6 [ c/meterpreter/rev_tcp ] was used.Step 3. Configure the payload with the appropriate parameters (the CLI is similar to Metasploit).
To view the configuration use "info".Step 4. Generate the payload using "generate" and pressing enter. You will then be prompted to name the output.
The tool will then provide a summary of the payload you have generated.
Step 5. Concurrently prepare a Meterpreter session for incoming connections using the appropriate information.
Step 6. Deliver the payload contained in "usr/share/veil-output/compiled" per your chosen attack vector. For this example, Cybrary_example was simply copied onto the victim machine’s desktop. The below screenshot shows a scan using Windows Defender that detected nothing malicious in the payload.
The above example shows how easily an effective malicious payload can be generated using Veil-Evasion. I strongly recommend investigating the tool for yourself. There is an extensive range of payloads and functions available that this article only touches on. Once more it is worth noting Veil-Evasion’s biggest strength, is the ability to circumvent anti-virus software. Coupled with a good delivery mechanism Veil-Evasion is a worthy edition to any PenTester’s arsenal. I hope you found this article informative and thank you for reading. This is my first post so any constructive criticism or comments are welcome.This article is intended purely for academic purposes. Neither the author nor Cybrary endorses or takes responsibility for the malicious use of the Veil-Framework.
Step 2. Select a payload by entering its associated number (use "list" to view all options).For this example, option 6 [ c/meterpreter/rev_tcp ] was used.Step 3. Configure the payload with the appropriate parameters (the CLI is similar to Metasploit).To view the configuration use "info".Step 4. Generate the payload using "generate" and pressing enter. You will then be prompted to name the output.The tool will then provide a summary of the payload you have generated.Step 5. Concurrently prepare a Meterpreter session for incoming connections using the appropriate information.Step 6. Deliver the payload contained in "usr/share/veil-output/compiled" per your chosen attack vector. For this example, Cybrary_example was simply copied onto the victim machine’s desktop. The below screenshot shows a scan using Windows Defender that detected nothing malicious in the payload.
The above example shows how easily an effective malicious payload can be generated using Veil-Evasion. I strongly recommend investigating the tool for yourself. There is an extensive range of payloads and functions available that this article only touches on. Once more it is worth noting Veil-Evasion’s biggest strength, is the ability to circumvent anti-virus software. Coupled with a good delivery mechanism Veil-Evasion is a worthy edition to any PenTester’s arsenal. I hope you found this article informative and thank you for reading. This is my first post so any constructive criticism or comments are welcome.This article is intended purely for academic purposes. Neither the author nor Cybrary endorses or takes responsibility for the malicious use of the Veil-Framework. 