Lead Image © archibald1221, 123RF.com

Slipping your pen test past antivirus protection with Veil-Evasion

Through the Keyhole

Article from ADMIN 32/2016
The Veil pen-testing platform provides some powerful tools that will hide your attack from antivirus scanners – and Veil even supports Metasploit payloads.

Veil [1] is a penetration-testing framework that was originally designed to evade antivirus protection on the target system. Since its first release three years ago, Veil has expanded to include other payload delivery options, and it even comes with some post-exploitation capabilities. The original Veil release only supported three payload shellcode injection options. New versions can incorporate the complete Metasploit Windows payload system [2].

Veil is capable of bypassing antivirus solutions deployed on endpoints during a pen-testing session. To bypass antivirus protection, Veil generates random and unique payloads for exploits. This ability to make random changes to the payload is similar to polymorphic malware that changes as it moves from host to host, making it much more difficult to discover than traditional malware, which has a distinct signature. Veil's exploits are compatible with popular penetration testing tool frameworks like Metasploit, which makes it very easy to incorporate Metasploit into your existing penetration testing routine. Veil aggregates various shellcode injection techniques across multiple languages, putting the focus on automation and usability.

Veil-Evasion Features

The original purpose of Veil was to evade antivirus protection by morphing the attack in random ways that would not match an antivirus signature. As the project began to evolve and take on additional capabilities, the original antivirus-evading component was renamed Veil-Evasion.

Veil-Evasion can use custom or Metasploit-generated shellcode, and you can easily integrate third-party tools, such as Hyperion, PEScrambler, and BackDoor Factory.

Native Stagers

Stagers manage an attack on the target system as

...