advertisingqosa.blogg.se

How to disable Symantec Endpoint Protection antivirus





Being on the offensive side in the security field, I personally have a lot of respect for the researchers and engineers in the antivirus industry, and the companies dedicated to investing so much in them. If malware development is a cat-and-mouse game, then I would say that the industry creates some of the most terrifying hunters. Penetration testers and red teamers suffer the most from this while using Metasploit, which forced me to look into how to improve our payload evasion, and really, it’s hard.

I had two important requirements for this experiment: (1) find a solution to reuse existing Metasploit shellcodes; (2) the unmodified shellcode should not be detectable by popular antivirus.

One of the challenges with Metasploit shellcode is that it is small, because size matters for various tactical reasons. This also makes shellcode difficult to improve, and eventually, all the AV classifiers have the word “EVIL” written all over the place.

Most modern antivirus engines are powered by machine learning, and this has been a huge game changer for AV evasion. Not only are AV engines much smarter at detecting potential threats, they also respond much quicker. As soon as your code behavior is something too malicious-looking, which can be as simple as using the wrong Windows API (such as WriteProcessMemory or even VirtualAlloc), one of the AI checks will get you. The malware researchers also get a copy of your code, which means you will burn all of your hard work within minutes.

The best way to describe what a machine learning-based antivirus looks like is that there are two components to the design: a client ML and the cloud ML. The client ML is something we, as users, actually interact with.





