Bypassing AVs by C# Managed Code (Reverse Shell)
In this article I want to talk about simple C# source code that is very useful for bypassing “almost all” AVs (signature-based AVs). I do not want to go through the code line by line, but it is very simple to use, and you can probably find it everywhere (MSDN, programming websites, GitHub, etc.).
This code sends the “cmd.exe” output to the attacker's system over TCP on any port you want, without encryption. If you want encryption, you need to write a little more code, and on the attacker side you need C# server-side code for decryption.
But in this case I used “Netcat” without encryption, so this is very simple.
I used this code to test some AVs such as Kaspersky v19, ESET v12, v13, Comodo, Trend-Micro v16 and Windows Defender, with the latest updates, and “all of them bypassed”. It means I had a shell without any detection by the AVs. Bypassing AVs is my “goal”; other things do not matter in this case/time.
Note: I think only this section of the code is very important:
_Tiger.StartInfo.FileName = "CMD.EXE";
In this section you call “cmd.exe”, and some AVs will probably detect this code as malware code/behavior.
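The behavior described above (one process that holds an outbound TCP connection and also starts cmd.exe) can be matched on process and network telemetry even when no file signature fires. The following is an added detection example, not code from the original article; it runs over constructed events that use Sysmon field names, and the parent allowlist, time window and all sample values are assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

# Parents that routinely start cmd.exe on a workstation (assumed allowlist; tune per estate).
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe", "conhost.exe"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed, simplified events (Sysmon Event ID 1 = process create, 3 = network connect).
EVENTS = [
    {"EventID": 3, "UtcTime": "2024-01-10 09:15:02", "ProcessId": 4312,
     "Image": r"C:\Users\bob\Downloads\updater.exe", "Initiated": True,
     "DestinationIp": "203.0.113.7", "DestinationPort": 4444},
    {"EventID": 1, "UtcTime": "2024-01-10 09:15:03", "ProcessId": 5120,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentProcessId": 4312,
     "ParentImage": r"C:\Users\bob\Downloads\updater.exe"},
    {"EventID": 1, "UtcTime": "2024-01-10 09:20:00", "ProcessId": 6001,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentProcessId": 1200,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "UtcTime": "2024-01-10 09:30:00", "ProcessId": 7000,
     "Image": r"C:\Program Files\App\sync.exe", "Initiated": True,
     "DestinationIp": "198.51.100.20", "DestinationPort": 443},
]

def _ts(e):
    return datetime.strptime(e["UtcTime"], "%Y-%m-%d %H:%M:%S")

def _name(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_shell_over_tcp(events, window=WINDOW):
    """Return alerts where a process both opened an outbound TCP connection
    and spawned cmd.exe within `window` of each other."""
    conns = [e for e in events if e["EventID"] == 3 and e["Initiated"]
             and not ip_address(e["DestinationIp"]).is_loopback]
    alerts = []
    for p in (e for e in events if e["EventID"] == 1):
        if _name(p["Image"]) != "cmd.exe" or _name(p["ParentImage"]) in EXPECTED_PARENTS:
            continue
        for c in conns:
            # Match on PID and image so a recycled PID does not join unrelated events.
            if (c["ProcessId"] == p["ParentProcessId"] and c["Image"] == p["ParentImage"]
                    and abs(_ts(p) - _ts(c)) <= window):
                alerts.append({"parent": p["ParentImage"], "shell_pid": p["ProcessId"],
                               "dest": f'{c["DestinationIp"]}:{c["DestinationPort"]}'})
    return alerts

if __name__ == "__main__":
    for a in find_shell_over_tcp(EVENTS):
        print(a)
```

The rule keys on the parent/child and network relationship rather than on file contents, so it does not depend on the binary being known to a signature database.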
In this video you can see how this code worked step by step:
Now I want to show you some of my AV tests with Pictures:
Picture 1: ESET v13 Bypassed
Picture 2: Windows Defender Bypassed
In the next pictures, for bypassing Kaspersky v19 and Trend-Micro v16, I used another tool, but the code is almost the same in this case:
Picture 3: Kaspersky v19 bypassed
Picture 4: Trend-Micro v16 bypassed
As you can see, these AVs are still useless and they are bypassed simply.