Thanks man, I am happy now because you are back
Thank you so much, we need more lessons about encryption and bypassing security, and how we bind a payload with other files, plus if we can change the extension too
Thank you so much for adding cutshots; it will help me out with my thinking about how to edit code as well if it gets detected 😄
Have you tried using "threatcheck" and "ghidra" to spot the signatures in a more convenient way and with less trial and error?
threatcheck.exe said it was clear, but whenever I remove the exclusion folder of the FilelessPELoader build, it gets detected by Defender
What courses would you recommend to write our own viruses with C++ or Python? How did you become a professional like this? What are your suggestions?
Thank you
Awesome! It worked for me. How come you have to make it a DLL to run Meterpreter shells vs. an .exe? For winpeas.exe, should we use a .dll or filelesspeloader.exe?
Hello,
Detections from security solution vendors such as Microsoft Windows Defender are generally better at detecting .EXE file types as compared to .DLLs.
In this case it is especially true since the FilelessPELoader file by default compiles to .EXE. If we were to change it a little, such as the output type to .DLL instead, chances are it will bypass the detection.
Ultimately it is up to you to experiment with what works best in your situation.
Cheers!
How to abuse living off the land drivers?
Are you sure that variable renaming changes anything in detection?
It is C/C++ and compiled directly to machine language. It is not Java/C#, which have an intermediate language and would need variables changed to avoid detection.
Changing variable names does nothing, as it all gets stripped when compiled.
@@hihihihi3806 so what makes the payload undetected???
@@amirakmel123 You can encrypt the strings at compile time using something like skCrypt. You can also create your own packer
@@hihihihi3806 I'll try it, thanks 😇
Changing the variables does not work anymore
Yep totally expected that to happen sooner or later from Windows Defender.
You can probably get away with more changes, like adding additional code into the function, changing the number of arguments the function takes, etc.
@@gemini_security thanks for the tips, man. Do you have a video on how to obfuscate or encrypt code? I'm new to this AV bypass part of cybersecurity. Thanks again
This is now deleted by Windows Defender
The cat and mouse game continues!
Obfuscate the strings! It will bypass defender very well
Is it possible to load mimikatz after obfuscating the source code and build it?
@@jz3376 Create your own loader (using FilelessPELoader) and change some stuff around like obfuscating strings, packing it, etc. Next, add a custom sleep function that spams random noise (such as printing random hashes) and then executes the program. It will bypass 90% of AVs
@@hihihihi3806 Can you recommend me a few resources on how to dive deep into custom malware development? Also, what programming language do you use for creating all this stuff (PE loader, custom shellcode injector, etc.)? I have experience creating simple exploits in Python. If you have Discord, then please give it to me so we can talk more about it there.
@@romanxyz7248 elreygato
life sucks now cause my gf left me
I have this error, in case someone can help me
/usr/bin/x86_64-w64-mingw32-ld: /tmp/cchxz1cB.o:fl.cpp:(.text+0x1342): undefined reference to `GetModuleInformation'
collect2: error: ld returned 1 exit status