Obfuscation is about changing the signature of the malware we are generating, so that the sequence of bytes an AV product has on file no longer matches it.
Types of AV Detection Methods
- Signature-based detection (matches a unique sequence of bytes that identifies a known piece of malware)
- Heuristic-based detection (relies on rules or decisions to determine whether a binary is malicious)
- Behaviour-based detection (relies on identifying malware by monitoring its behaviour)
Evasion Techniques
- On-disk evasion techniques:
  a. obfuscation
  b. encoding
  c. packing
  d. crypters
- In-memory evasion techniques
A tool named Shellter can be used for this
He used VNC Viewer as an example here
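The two detection methods above (signature-based and heuristic-based) and the reason on-disk encoding, packing and crypters defeat the first one can be shown on a small scanner. The following is an added example written for these notes, not code from the course or from any AV product: it runs a byte-sequence signature check and a Shannon-entropy heuristic over two constructed buffers, a plain one carrying a made-up signature and a copy of it transformed with a keystream XOR standing in for what an encoder or crypter does to a file on disk. The signature name, the signature bytes, the 7.0 bits/byte threshold and the 1024-byte window are all assumptions chosen for the example.

```python
import hashlib
import math

# Constructed demo signature: a byte pattern a vendor might have extracted
# from a known sample. Made up for this example, not a real AV signature.
SIGNATURES = {
    "demo.marker": b"\x90\x90\x90\xcc\xde\xad\xbe\xef",
}

# Assumed heuristic parameters: random-looking data approaches 8.0 bits/byte,
# ordinary code and text sit well below that.
ENTROPY_THRESHOLD = 7.0
WINDOW = 1024
MIN_CHUNK = 512


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes) -> list:
    """Signature-based detection: exact byte-sequence match against the database."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_scan(data: bytes) -> list:
    """Heuristic detection: flag windows whose entropy suggests packed or encrypted content."""
    findings = []
    for off in range(0, len(data), WINDOW):
        chunk = data[off:off + WINDOW]
        if len(chunk) >= MIN_CHUNK and shannon_entropy(chunk) > ENTROPY_THRESHOLD:
            findings.append(f"high-entropy region at offset {off:#x}")
    return findings


def scan(data: bytes) -> dict:
    """Run both checks and report what each one would have caught."""
    return {"signature": signature_scan(data), "heuristic": heuristic_scan(data)}


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for an on-disk encoder/crypter: XOR with a SHA-256 derived keystream.
    A constant single-byte XOR would leave the entropy unchanged; a keystream does not."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, out))


# Constructed sample standing in for a plain executable: low-entropy header,
# repeated text, the demo signature, then zero padding.
PLAIN_SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"This program cannot be run in DOS mode.\r\n" * 20
    + SIGNATURES["demo.marker"]
    + b"\x00" * 1100
)

# The same file after the stand-in crypter has run over it (constructed key).
ENCODED_SAMPLE = keystream_xor(PLAIN_SAMPLE, b"constructed-demo-key")


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("encoded", ENCODED_SAMPLE)):
        print(label, f"entropy={shannon_entropy(sample):.2f}", scan(sample))
```

The plain buffer is caught by the signature and ignored by the heuristic; the transformed copy is the other way round, which is the whole argument for layering heuristic and behaviour-based checks on top of signatures rather than relying on any one of them.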
Obfuscating PowerShell code
The tool that will be used for this is "Invoke-Obfuscation"
You can run PowerShell on Linux by downloading the PowerShell package
To run the tool:
Invoke-Obfuscation
To import a PowerShell module (Invoke-Obfuscation itself is loaded this way from its .psd1 manifest):
Import-Module module.psd1