Antivirus evasion is the technique of launching attacks against a machine without being detected or stopped by the presence of antivirus (AV) software.
On-disk Evasion
- packer (bypasses signature-based detection)
- obfuscator (bypasses signature-based detection)
- crypter (can be effective against modern AV)
- software protector (can be effective against modern AV)
In-memory Evasion
In-memory evasion techniques do not modify the executable itself; instead they use a range of memory-manipulation methods so that the running code appears benign. Their benefit is that they avoid filesystem interactions, which AVs monitor closely.
Practical Examples
For OSCP, use Shellter (requires Wine) to inject malicious code (e.g. a Meterpreter reverse shell, which can be generated from within Shellter) into a benign binary.