Video demo

A last glimpse of what's possible (for the doubting Thomases) on the AV bypass subject.
Here is an example of how to get past Kaspersky Anti-Virus 2012 with Proactive Defense and a full software DEP policy.

P.S. Darn YouTube audio restrictions...

Sorry, no more hints and howtos. You are on your own, good luck and keep on hackin’

I ain’t often right
but I’ve never been wrong
It seldom turns out the way
it does in the song
Once in a while
you get shown the light
in the strangest of places
if you look at it right


About astr0baby

Please run Adblock or similar... we have been told to do so since Carl Sagan wrote Contact.

9 Responses to Video demo

  1. hidden says:

    Not sure if this is really a hint... it's a proof!

  2. hidden says:

    I would like to understand your “Fu” … :( no mercy?

  3. t1m says:

    Nice job on the bypasses… Question… why did you remove the code you posted before this post??

    • astr0baby says:

      Thx. I had to remove the code because the AV companies were starting to partially detect some of the generated executables, most notably Kaspersky. I will post the code later when I'm finished with a different method. Until then I need to keep it down. Sorry.

  4. t1m says:

    Hey, no problem. I actually had some problems with the code that leveraged CPUID / the dmc compiler... It would generate the exe and what not... but once the generated exe was run... it would crash... is there something that could have caused this?

    • astr0baby says:

      You need to know the CPU type of the target and use that CPUID to encode the payload with. If you encode with a different CPUID than the target's, the binary will crash. For example, the Intel Core2Duo has many versions, like E3000 or E4000, each producing a different CPUID. You can create a small database of CPUID types (I have one, rather incomplete) and use that in your scripts. Also, I've noticed that multicore CPUs actually produce 2 CPUIDs (try running the CPUID executable on the target a couple of times to see the difference), thus making the executable a little unstable.

      • t1m says:

        Learning more and more everyday! Thanks! Didn’t know that. Thumbs up on the teensy guides too! Thanks again!
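The CPUID-keyed encoding discussed in the thread above, as an added example: this is not code from the original post or from astr0baby's generator (which is not on this page). It assumes the key is the processor signature in CPUID leaf 1 EAX (family/model/stepping); the post does not say which CPUID fields its generator used. One plausible source of the "two CPUIDs" seen on multicore machines is leaf 1 EBX, whose top byte is the initial APIC ID of the logical processor the instruction happened to run on, so the example keeps EBX out of the key. The payload bytes and the two signatures used in main() are constructed for illustration.

```c
/*
 * CPUID-keyed payload encoding: an added example, not the code from the
 * original post. Assumption: the key is the processor signature (CPUID
 * leaf 1, EAX: family/model/stepping). The post does not say which
 * CPUID fields its generator used.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Processor signature of the core this thread runs on. Leaf 1 EBX is
 * left out on purpose: bits 31..24 hold the initial APIC ID, which
 * differs per logical processor and would make the key change between
 * runs on a multicore machine. */
uint32_t cpuid_signature(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return eax;
#endif
    return 0; /* no CPUID available (non-x86 host) */
}

/* Split a signature into Intel's display family/model/stepping, packed
 * as (family << 16 | model << 8 | stepping). These are the values a
 * "CPUID database" of targets would be indexed by. */
uint32_t signature_fields(uint32_t sig)
{
    uint32_t fam = (sig >> 8) & 0xF;
    uint32_t mod = (sig >> 4) & 0xF;
    if (fam == 0xF)
        fam += (sig >> 20) & 0xFF;            /* extended family */
    if (fam == 0x6 || fam == 0xF)
        mod += ((sig >> 16) & 0xF) << 4;      /* extended model */
    return (fam << 16) | (mod << 8) | (sig & 0xF);
}

/* XOR the buffer with a keystream seeded from the signature (xorshift32).
 * Encoding and decoding are the same call; a different seed gives a
 * different keystream, so a wrong signature yields garbage bytes. */
void xor_with_signature(uint8_t *buf, size_t len, uint32_t sig)
{
    uint32_t s = sig ^ 0x9E3779B9u;           /* keeps the xorshift seed non-zero */
    for (size_t i = 0; i < len; i++) {
        s ^= s << 13;
        s ^= s >> 17;
        s ^= s << 5;
        buf[i] ^= (uint8_t)s;
    }
}

/* Constructed stand-in for a payload; not shellcode. */
static const uint8_t PAYLOAD[] = "constructed-payload-bytes-0123456789";

/* Encode with the signature the generator was told about, decode with
 * the signature the target actually has, and report whether the bytes
 * came back intact. A real stager has nothing to compare against: it
 * just executes whatever the decode produced, which is the crash the
 * thread describes. */
int roundtrip_ok(uint32_t sig_generator, uint32_t sig_target)
{
    uint8_t blob[sizeof PAYLOAD];
    memcpy(blob, PAYLOAD, sizeof blob);
    xor_with_signature(blob, sizeof blob, sig_generator);  /* at build time */
    xor_with_signature(blob, sizeof blob, sig_target);     /* on the target */
    return memcmp(blob, PAYLOAD, sizeof blob) == 0;
}

int main(void)
{
    uint32_t here = cpuid_signature();
    uint32_t f = signature_fields(here);
    printf("this host: signature 0x%x (family %u, model %u, stepping %u)\n",
           here, f >> 16, (f >> 8) & 0xFF, f & 0xFF);

    /* Constructed example signatures: both family 6, model 15 (Core 2
     * class), differing only in stepping, as two Core 2 Duo parts might. */
    uint32_t sig_a = 0x6FD, sig_b = 0x6F6;
    printf("encode 0x%x / decode 0x%x: %s\n", sig_a, sig_a,
           roundtrip_ok(sig_a, sig_a) ? "intact" : "garbage");
    printf("encode 0x%x / decode 0x%x: %s\n", sig_a, sig_b,
           roundtrip_ok(sig_a, sig_b) ? "intact" : "garbage");
    return 0;
}
```

Build with `gcc -O2 cpuid_key.c -o cpuid_key`. On a non-x86 host `cpuid_signature()` returns 0 and only the two constructed signatures are exercised; on x86 the first line shows the signature of whichever core the process was scheduled on, which stays the same across runs precisely because EBX is not part of it.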
