Biblio

Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.

The use of a very wide windows operating system is undeniably also followed by increasing attacks on the operating system. Universal Serial Bus (USB) is one of the mechanisms used by many people with plug and play functionality that is very easy to use, making data transfers fast and easy compared to other hardware. Some research shows that the Windows operating system has weaknesses so that it is often exploited by using various attacks and malware. There are various methods used to exploit the Windows operating system, one of them by using a USB device. By using a USB device, a criminal can plant a backdoor reverse shell to exploit the victim's computer just by connecting the USB device to the victim's computer without being noticed. This research was conducted by planting a reverse shell backdoor through a USB device to exploit the victim's device, especially the webcam and microphone device on the target computer. From 35 experiments that have been carried out, it was found that 83% of spying attacks using USB devices on the Windows operating system were successfully carried out.