Evading signature-based antivirus software using custom reverse shell exploit

Andrew Johnson, Rami J. Haddad

Research output: Contribution to book or proceeding › Conference article › peer-review

6 Scopus citations

Abstract

Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.

Original language: English
Title of host publication: SoutheastCon 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9780738111315
State: Published - Mar 10 2021
Event: 2021 SoutheastCon, SoutheastCon 2021 - Atlanta, United States
Duration: Mar 10 2021 → Mar 13 2021

Publication series

Name: Conference Proceedings - IEEE SOUTHEASTCON
Volume: 2021-March
ISSN (Print): 1091-0050
ISSN (Electronic): 1558-058X

Conference

Conference: 2021 SoutheastCon, SoutheastCon 2021
Country/Territory: United States
City: Atlanta
Period: 03/10/21 → 03/13/21

Keywords

  • Anti-Virus
  • Kali Linux
  • Metasploit-Framework
  • Meterpreter
  • Msfvenom
  • Reverse Shell
