Jump to content
Nytro

Veil – AV Evasion

By Nytro, in Programe hacking

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[h=1]Veil – AV Evasion[/h]

[h=1]Veil v2.0 : Towards a True Framework[/h] June 17, 2013 by The Grayhound

Repo Location: https://github.com/ChrisTruncer/Veil

Team Veil is proud to announce the release of Veil v2.0. This drastically reworked version of the Veil AV-evasion framework incorporates a new structure, a slew of new features, and a variety of new payloads:

New Structure

  • Veil has moved from a single flat file towards a truly modular framework:
    • Payload modules dropped into ./modules/payloads/[language] are loaded into the framework automatically
    • Common reusable functions are stored in various files in ./modules/common/*
    • Source/compiled files are output by default to ./output/source/ and ./output/compiled/
    • ./config/update.py is executed automatically on first run, producing a common configuration file at ./config/veil.py, which can be edited manually
    • External tools used by payloads are stored in ./tools/
    • ./doc/* contains pydoc generated documentation for the framework

    [*]A tutorial describing how to develop payload modules is forthcoming.

New features

  • Veil’s menus and interface have been redesigned for increased usability.
  • One of the common requests for Veil was the inclusion of additional msfvenom shellcode payloads. To incorporate this, we built in automatic crawling of the metasploit /windows/* payload tree and the extraction of necessary payload parameters. The payloads should tab complete within the shellcode selection menu, in msfvenom windows/PAYLOAD format.
  • Tab completion has also been added in a variety of places around the framework, including most menus, LHOST for IP completion, and LPORT for 4444 completion. Try it out!
  • A new python ‘crypter’ named ‘pyherion’ (inspired by Null Security’s Hyperion) has been introduced, which encapsulates python payload files in an AES/base64 encoded wrapper that dynamically decodes/decrypts the python code in memory and executes it. A standalone version has also been introduced in ./tools/pyherion.py . A short post explaining its implementation details will be forthcoming.
  • Command line switches have been implemented for almost all options. Type ./Veil.py -h for details.

New payloads

  • C payloads – Using both a void pointer reference and direct injection into memory with VirrtualAlloc calls
  • Powershell – VirtualAlloc injection, MSF-psexec formatted resource file generation, and download/execution of a secondary payload.
  • C# payloads – VirtualAlloc and base64 obfuscated payloads have been introduced, along with C# .exe compilation.
  • Native payloads – hyperion and pescrambler

Sursa: https://www.veil-evasion.com/

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...