Anti-Virus evasion
Methodology
- AV fingerprinting (which product and version is running, whether real-time and cloud protection are on, whether an EDR is hooking processes)
  - Tools: SharpEDRChecker, Seatbelt
- Social engineering
- Replicate the victim environment (same AV product, version and configuration) to test our payloads before they ever touch the target
Info
We should always disable any kind of cloud-based protection in the AV settings (or outright disconnect the VM from the internet) so that the AV does not upload our carefully crafted payloads to the vendor for analysis: a sample submitted from the lab can turn into a signature before the payload is ever used on the target.
- On-Disk evasion
- In-Memory evasion
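A quick fingerprinting pass from a standard user shell, as an added example that is not part of the original notes and not taken from SharpEDRChecker or Seatbelt; it covers the same ground those tools do (registered AV products, Defender state and cloud settings, defensive services, non-Microsoft DLLs injected into our own process). It assumes a Windows 10/11 host where the Defender module and the root/SecurityCenter2 WMI namespace are available; the function name `Get-AvFingerprint` is ours.

```powershell
# Added example (not from the original notes): fingerprint the AV/EDR on a host with built-in
# interfaces only. Runs from a non-elevated PowerShell prompt on Windows 10/11.

function Get-AvFingerprint {
    $result = [ordered]@{}

    # Registered AV products. root/SecurityCenter2 exists on client SKUs, not on Windows Server.
    $result.Products = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Name     = $_.displayName
                # Bit 0x1000 of productState is set when real-time protection is enabled.
                RealTime = (($_.productState -band 0x1000) -ne 0)
                Exe      = $_.pathToSignedProductExe
            }
        }

    # Defender specifics: running mode, tamper protection, engine/signature age and the cloud settings
    # that decide whether a sample gets uploaded.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $pref   = Get-MpPreference      -ErrorAction SilentlyContinue
    if ($status) {
        $result.Defender = [pscustomobject]@{
            Mode              = $status.AMRunningMode            # Normal, Passive, EDR Block, ...
            RealTime          = $status.RealTimeProtectionEnabled
            TamperProtected   = $status.IsTamperProtected
            Engine            = $status.AMEngineVersion
            SignaturesUpdated = $status.AntivirusSignatureLastUpdated
            MAPSReporting     = $pref.MAPSReporting              # 0 = Disabled, 1 = Basic, 2 = Advanced
            SampleSubmission  = $pref.SubmitSamplesConsent       # 2 = NeverSend
            BlockAtFirstSeen  = -not $pref.DisableBlockAtFirstSeen
        }
    }

    # Known defensive services: WinDefend (Defender AV) and Sense (Defender for Endpoint sensor).
    $result.Services = Get-Service -Name WinDefend, Sense -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType

    # Userland hooking check (the SharpEDRChecker idea): a non-Microsoft DLL already loaded into
    # our own process is a strong hint that an EDR injects into every process.
    $result.ForeignModules = [System.Diagnostics.Process]::GetCurrentProcess().Modules |
        Where-Object { $_.FileVersionInfo.CompanyName -notmatch 'Microsoft' } |
        Select-Object ModuleName, FileName, @{ n = 'Company'; e = { $_.FileVersionInfo.CompanyName } }

    return [pscustomobject]$result
}

Get-AvFingerprint | Format-List
```

The productState bitfield is only loosely documented, so treat the RealTime flag from SecurityCenter2 as a hint and trust the explicit booleans from Get-MpComputerStatus where Defender is the product. Modules with an empty CompanyName also land in ForeignModules; inspect them rather than filtering them out.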
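For the "replicate the victim environment" step and the Info note above, this added example (not part of the original notes) shows how to configure a Defender lab VM so that nothing is ever uploaded, and how to verify the change took. It assumes an elevated shell on Windows 10/11 with Tamper Protection already switched off in Windows Security > Virus & threat protection settings; while Tamper Protection is on, Set-MpPreference leaves these values unchanged without reporting an error, which is why the check matters. The function names `Disable-DefenderCloud` and `Test-DefenderCloudDisabled` are ours.

```powershell
# Added example (not from the original notes): lock down a Defender lab VM so no sample leaves it,
# then verify the settings actually applied. Run elevated, with Tamper Protection already off.

function Disable-DefenderCloud {
    Set-MpPreference -MAPSReporting Disabled           # no cloud-delivered protection (MAPS)
    Set-MpPreference -SubmitSamplesConsent NeverSend   # never upload samples for analysis
    Set-MpPreference -DisableBlockAtFirstSeen $true    # no cloud reputation lookups for unknown files
    # Real-time protection and local signatures stay ON: we want the engine's verdict, not a bypass of the lab.
}

function Test-DefenderCloudDisabled {
    $p = Get-MpPreference
    # Get-MpPreference reports the numeric values: MAPSReporting 0 = Disabled, SubmitSamplesConsent 2 = NeverSend.
    return ($p.MAPSReporting -eq 0) -and ($p.SubmitSamplesConsent -eq 2) -and [bool]$p.DisableBlockAtFirstSeen
}

Update-MpSignature                 # pull current definitions once, while the VM still has network access
Disable-DefenderCloud
if (-not (Test-DefenderCloudDisabled)) {
    throw 'Cloud protection is still enabled; check that Tamper Protection is off and rerun.'
}

# Belt and braces: take the VM off the network so even a misconfiguration cannot leak a sample.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false
```

Take a VM snapshot once the check passes, so every payload test starts from the same known AV state, and re-run Test-DefenderCloudDisabled after any Windows or Defender platform update, since those can restore defaults.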