[Owasp-germany] 29th Cologne OWASP Stammtisch

Ralf Allar ralf.allar at owasp.org
Sat Apr 15 10:12:34 UTC 2017


Hello everyone,

The next Cologne OWASP Stammtisch takes place on April 27, starting at 7 pm.

Daniel will tell you about his talk from Blackhat.
https://www.blackhat.com/asia-17/arsenal.html#daniel-sauder


Avet (link: https://github.com/govolution/avet) is an antivirus evasion tool.

What & Why:
When running an exe file made with msfpayload & co, the exe file will often be recognized by the antivirus software
Avet is an antivirus evasion tool targeting Windows machines
The techniques used in avet evaded 9 antivirus suites (all of those tested), including MS Defender, McAfee, Sophos, Avira and more
Avet includes two tools, avet.exe with different antivirus evasion techniques and make_avet for compiling a preconfigured binary file
Avet.exe loads ASCII-encoded shellcode from a text file or from a web server; furthermore, it uses an AV evasion technique to avoid sandboxing and emulation
For encoding the shellcode the tools format.sh and sh_format are included
Avet is tested with Kali 2 and tdm-gcc
Interactive assistant for easier usage
More evasion techniques
Support for 64bit payloads

If you want to join in, bring a Kali box and Windows with AV.

WHERE: Dombrauhaus (http://www.dombrauhaus.de/) Saarstraße 1 Leverkusen
https://www.google.de/maps/place/Dombrauhaus/@51.0226797,7.0430772,17z/data=!3m1!4b1!4m5!3m4!1s0x47bf2916301ebc9f:0xd9ff0c9d865c10b1!8m2!3d51.0226763!4d7.0452659


Happy Easter,
Ralf

