Bypassing AVs by C# Managed Code (Reverse Shell) | By Damon Mohammadbagher

In this article I want to talk about simple C# source code that is very useful for bypassing “almost all” AVs (signature-based AVs). I do not want to go through the code line by line, but it is very simple to use, and you can probably find this code everywhere (MSDN, programming websites, GitHub, etc.).

This code sends the “cmd.exe” output to the attacker's system over TCP on any port you want, without encryption. If you want to use encryption, you need to write a little more code, and on the attacker side you need C# server-side code for decryption.

In this case I used “Netcat” without encryption, so this is very simple.

I used this code to test some AVs such as Kaspersky v19, ESET v12 and v13, Comodo, Trend-Micro v16 and Windows Defender, with the latest updates, and “all of them bypassed”. That means I had a shell without any detection by the AVs, so this is my “goal”: to bypass the AVs. Other things do not matter in this case/time.

Note: I think only this section of the code is very important:

_Tiger.StartInfo.FileName = "CMD.EXE";

This section calls “cmd.exe”, and some AVs will probably detect this code as malware code/behavior.
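
The note above points at the one behaviour a content signature does not cover: a process that starts cmd.exe while it holds a TCP connection. The following added example (not from the article or its repository) correlates Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) events to flag that pattern; the sample events, the parent allowlist and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample events using Sysmon field names (Event ID 1 = process
# creation, Event ID 3 = network connection). Not taken from the article.
EVENTS = [
    {"EventID": 3, "ProcessGuid": "{A1}", "Image": r"C:\Users\bob\Downloads\tool.exe",
     "Initiated": True, "DestinationIp": "203.0.113.10", "DestinationPort": 4444},
    {"EventID": 1, "ProcessGuid": "{A2}", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessGuid": "{A1}", "ParentImage": r"C:\Users\bob\Downloads\tool.exe"},
    {"EventID": 1, "ProcessGuid": "{B2}", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessGuid": "{B1}", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{C1}", "Image": r"C:\Program Files\App\sync.exe",
     "Initiated": True, "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

SHELLS = {"cmd.exe", "powershell.exe"}
# Assumed allowlist of parents that normally start a shell interactively.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "windowsterminal.exe"}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_shell_relays(events):
    """Return alerts where one process both opened an outbound TCP
    connection and spawned a command shell as its child."""
    outbound = {}  # ProcessGuid -> list of (ip, port)
    for e in events:
        if e["EventID"] == 3 and e.get("Initiated"):
            ip = ipaddress.ip_address(e["DestinationIp"])
            if not ip.is_loopback:
                outbound.setdefault(e["ProcessGuid"], []).append((str(ip), e["DestinationPort"]))
    alerts = []
    for e in events:
        if e["EventID"] != 1 or basename(e["Image"]) not in SHELLS:
            continue
        if basename(e["ParentImage"]) in EXPECTED_PARENTS:
            continue  # shell started from the desktop or another shell
        conns = outbound.get(e["ParentProcessGuid"])
        if conns:  # the shell's parent is also talking to a remote host
            alerts.append({"parent": e["ParentImage"], "shell": e["Image"], "connections": conns})
    return alerts

if __name__ == "__main__":
    for alert in find_shell_relays(EVENTS):
        print(alert)
```

The two passes make the correlation independent of event order, since the connection may be logged before or after the shell is created.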

C# Code : https://github.com/DamonMohammadbagher/NativePayload_ReverseShell

In this video you can see how this code works, step by step:

Video: https://www.youtube.com/watch?v=VkFcy1Dg-pU

Now I want to show you some of my AV tests with pictures:

Picture 1: ESET v13 Bypassed

Picture 2: Windows Defender Bypassed

In the next pictures, for bypassing Kaspersky v19 and Trend-Micro v16, I used another tool, but the code is almost the same in this case:

Picture 3: Kaspersky v19 bypassed

Picture 4: Trend-Micro v16 bypassed

As you can see, these AVs are still useless and they are simply bypassed.

November 26, 2019

Member
google

thank you!

Yuhisern
Guest
Yuhisern

Cool information, thanks. Hey, you got stuff for Android? iOS? Keyloggers? What other undetected exploits you own?

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013