Evading Signature-Based Antivirus Software Using Custom Reverse Shell Exploit

Title: Evading Signature-Based Antivirus Software Using Custom Reverse Shell Exploit
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Johnson, Andrew; Haddad, Rami J.
Conference Name: SoutheastCon 2021
Keywords: anti-virus, detection algorithms, Kali Linux, Malware, Metasploit-Framework, Meterpreter, Msfvenom, Payloads, pubcrawl, resilience, Resiliency, reverse shell, Scalability, Servers, signature based defense
Abstract: Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.
DOI: 10.1109/SoutheastCon45413.2021.9401881
Citation Key: johnson_evading_2021