Antivirus Evasion | Bypass Techniques.

https://www.peerlyst.com/posts/bypassing-anti-virus-by-creating-remote-thread-into-target-process-damon-mohammadbagher
Original function. A() starts with the standard hot-patchable MSVC prologue (mov edi,edi / push ebp / mov ebp,esp) and does nothing interesting:

    Call A();   // where A has the following set of instructions
    A():
        mov  edi,edi
        push ebp
        mov  ebp,esp
        push 0
        push [ebp+10]
        pop  ebp
        retn 0

Patched function. The two instructions right after the prologue (push 0 = 2 bytes, push [ebp+10] = 3 bytes) occupy exactly 5 bytes, which is the size of a 32-bit jmp rel32, so they are overwritten with a jmp into the injected payload; the rest of A() is left intact:

    Call A();
    A():
        mov  edi,edi
        push ebp
        mov  ebp,esp
        jmp  malicious__Offs3cg33k+5   // 5 bytes = 32-bit jmp opcode space
        push 0                         // (these 5 bytes are what the jmp replaces)
        push [ebp+10]
        pop  ebp
        retn 0

    malicious__Offs3cg33k():
        /* reverse shell code here */
        retn 0

How can the above technique be detected?
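One concrete way to reason about both halves of this, as an added example that is not from the original post or the linked write-up: build the 5-byte E9 patch over a constructed 32-bit encoding of A() (8B FF 55 8B EC 6A 00 FF 75 10 5D C3), then detect it the way a hook scanner does, by diffing the function as mapped in memory against its pristine on-disk bytes and resolving any jmp rel32 found at the first differing byte. If that jmp lands outside the module that owns A() (for example in a region another process allocated before starting a remote thread), that is the signature of this inline hook. The addresses (A() at 0x401000 inside a 64 KiB image based at 0x400000, payload at 0xA50000) are assumptions chosen for the example; nothing here executes the patched bytes or touches another process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit x86 encoding of A() as listed in the post (not taken from a real binary). */
static const uint8_t FUNC_A[] = {
    0x8B, 0xFF,          /* mov edi,edi     \  5-byte hot-patchable prologue, untouched */
    0x55,                /* push ebp         | */
    0x8B, 0xEC,          /* mov ebp,esp     /  */
    0x6A, 0x00,          /* push 0          \  2 + 3 = 5 bytes: exactly the room a */
    0xFF, 0x75, 0x10,    /* push [ebp+10h]  /  jmp rel32 (E9 xx xx xx xx) needs    */
    0x5D,                /* pop ebp                                                */
    0xC3                 /* retn                                                   */
};
#define FUNC_A_LEN  (sizeof(FUNC_A))
#define PATCH_OFF   5u              /* first byte after the prologue              */
#define FUNC_A_VA   0x00401000u     /* assumed: where A() is mapped               */
#define MOD_BASE    0x00400000u     /* assumed: image base of the module owning A */
#define MOD_SIZE    0x00010000u     /* assumed: size of that image                */

typedef enum {
    PATCH_CLEAN = 0,                /* memory matches the on-disk bytes           */
    PATCH_MODIFIED = 1,             /* bytes differ; any jmp target is in-module  */
    PATCH_JMP_OUTSIDE_MODULE = 2    /* E9 jmp into memory the module does not own */
} verdict_t;

/* Write "jmp rel32" at buf[off]. rel32 is relative to the end of the 5-byte
 * instruction, i.e. target - (patch_va + 5); unsigned wrap gives the two's
 * complement needed for backward jumps. Bytes are emitted little-endian by hand. */
int write_jmp_patch(uint8_t *buf, size_t len, size_t off, uint32_t patch_va, uint32_t target_va)
{
    if (off + 5 > len) return -1;
    uint32_t rel = target_va - (patch_va + 5);
    buf[off]     = 0xE9;
    buf[off + 1] = (uint8_t)(rel);
    buf[off + 2] = (uint8_t)(rel >> 8);
    buf[off + 3] = (uint8_t)(rel >> 16);
    buf[off + 4] = (uint8_t)(rel >> 24);
    return 0;
}

/* Decode the absolute target of an E9 rel32 at code[off]; code[0] is mapped at code_va. */
int decode_jmp_rel32(const uint8_t *code, size_t len, size_t off, uint32_t code_va, uint32_t *target)
{
    if (off + 5 > len || code[off] != 0xE9) return -1;
    uint32_t rel = (uint32_t)code[off + 1]
                 | (uint32_t)code[off + 2] << 8
                 | (uint32_t)code[off + 3] << 16
                 | (uint32_t)code[off + 4] << 24;
    *target = code_va + (uint32_t)off + 5 + rel;
    return 0;
}

/* Detection: compare the mapped function against its on-disk bytes. Any difference
 * is reportable; if the first differing byte decodes as a jmp that leaves the
 * module's address range, it has the exact shape of the inline hook above. */
verdict_t detect_inline_patch(const uint8_t *disk, const uint8_t *mem, size_t len,
                              uint32_t func_va, uint32_t mod_base, uint32_t mod_size,
                              size_t *first_diff, uint32_t *target)
{
    size_t i = 0;
    while (i < len && disk[i] == mem[i]) i++;
    if (i == len) return PATCH_CLEAN;
    if (first_diff) *first_diff = i;
    uint32_t t;
    if (decode_jmp_rel32(mem, len, i, func_va, &t) == 0) {
        if (target) *target = t;
        if (t < mod_base || t - mod_base >= mod_size) return PATCH_JMP_OUTSIDE_MODULE;
    }
    return PATCH_MODIFIED;
}

/* Helpers: patch a copy of A() to jump to target_va, then inspect or scan it. */
static void make_patched_copy(uint8_t *mem, uint32_t target_va)
{
    memcpy(mem, FUNC_A, FUNC_A_LEN);
    write_jmp_patch(mem, FUNC_A_LEN, PATCH_OFF, FUNC_A_VA + PATCH_OFF, target_va);
}
uint8_t patched_byte(uint32_t target_va, size_t idx)
{
    uint8_t mem[FUNC_A_LEN];
    make_patched_copy(mem, target_va);
    return idx < FUNC_A_LEN ? mem[idx] : 0;
}
verdict_t patch_and_detect(uint32_t target_va, size_t *first_diff, uint32_t *decoded)
{
    uint8_t mem[FUNC_A_LEN];
    make_patched_copy(mem, target_va);
    return detect_inline_patch(FUNC_A, mem, FUNC_A_LEN, FUNC_A_VA, MOD_BASE, MOD_SIZE, first_diff, decoded);
}
size_t first_diff_offset(uint32_t target_va) { size_t o = 0; patch_and_detect(target_va, &o, NULL); return o; }
uint32_t decoded_target(uint32_t target_va)  { uint32_t t = 0; patch_and_detect(target_va, NULL, &t); return t; }

int main(void)
{
    size_t off = 0; uint32_t tgt = 0;
    int v = patch_and_detect(0x00A50000u, &off, &tgt);   /* assumed injected region */
    printf("verdict=%d first_diff=%zu target=0x%08X\n", v, off, tgt);
    return 0;
}
```

The scan is deliberately a byte diff rather than a signature match: the bytes of the jmp itself are not special, only the fact that they differ from the image on disk and point somewhere the module does not own. A real scanner would read the on-disk section through the PE section table and apply relocations before comparing; that step is omitted here.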
