HD Moore and the team at Metasploits are constantly updating the framework. The programs, scripts and approaches I document In my SANS paper on the Effectiveness of Antivirus in Detecting Metasploit Payloads have changed significantly. If you haven't read my paper you may find it interesting. Its here In the document I showed how an attacker can create standalone executable payloads of any of the available payloads in the framework. I showed how to you can use msfencode to alter the payload to avoid detection by antivirus. One difficulty at the time was that msfencode didn't make an executable. That all changed on 9-26! HDM make the some changes to both the template that is used by msfpayload and msfencode (among other things). It now much easier to avoid antivirus. Now msfencode will create an EXE! It doesn't show up in the options when you do msfencode -h but it works! So the following: ./msfpayload windows/meterpreter/bind_tcp R | ./msfencode -t exe
This is a collection of Articles, Tools, Conference talks, interviews, etc by Mark Baggett