AVET – AntiVirus Evasion Tool

AVET is an AntiVirus Evasion Tool, developed to make life easier for pentesters and for experimenting with antivirus evasion techniques. A lot was introduced in version 1.1. 64-bit payloads can now be used, for easier usage.
What & Why:

  • When running an exe file made with msfpayload & co, the exe file will often be recognized by the antivirus software.
  • Avet is an antivirus evasion tool targeting Windows machines.
  • The techniques used in avet evaded 9 antivirus suites (all of those tested), including MS Defender, McAfee, Sophos, Avira and more.
  • Avet includes two tools: avet.exe, with different antivirus evasion techniques, and make_avet, for compiling a preconfigured binary file.
  • avet.exe loads ASCII-encoded shellcode from a text file or from a web server; it also uses an AV evasion technique to avoid sandboxing and emulation.
  • For encoding the shellcode, the tools format.sh and sh_format are included.
  • Avet is tested with Kali 2 and tdm-gcc.

The current version is 1.1 and has the following updates:

  1. avet_fabric for assisted execution of the build scripts
  2. more cleanup of avet.c
  3. removed all options from avet.c itself for reducing codebase (less detectable in the future)
  4. added options from avet to make_avet
  5. added build scripts
  6. added -F for explicit fopen sandbox escape
  7. added -X for 64-bit support
  8. added -E for explicit usage of avet's ASCII encoder

You can read more and download the latest Avet release here: https://github.com/govolution