Bypassing AVs by C# Managed Code (Reverse Shell) | By Damon Mohammadbagher

February 21, 2020

Bypassing AVs by C# Managed Code (Reverse Shell)

In this article I want to talk about simple C# source code which is very useful to bypassing “almost all” AVs (signature based Avs). I do not want to talk about code line by line but this code is very simple to use also you can find this code everywhere probably in (MSDN, Programming Websites, Github), etc.

This code will send “Cmd.exe” output to attacker system via “Tcp” on any port you want without encryption but if you want to use encryption then you should write little bit more Code also in attacker side you need to use C# Server-Side code for decryption.

But in this case I used “Netcat” without encryption so this is very simple.

I used this code to test some Avs like Kaspersky v19 , ESET v12, v13 , Comodo , Trend-Micro v16 & Windows Defender… with last Updates and “all of them Bypassed”. It means I had Shell without any Detection by Avs so this is my “Goal” to Bypass AVS other things Does not matter in this case/time.

Note: I think in this code only this section of code is very important

_Tiger.StartInfo.FileName = “CMD.EXE”

In this section you will call “cmd.exe” and some of Avs probably will Detect this code as Malware Code/behavior.

C# Code : 

Notify of

Oldest Most Voted
Inline Feedbacks
View all comments
4 years ago

thank you!

4 years ago

Cool information , thanks . Hey , you got stuff for Android ? iOS ? Keyloggers ? What other undetected exploits you own ?

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023