Nytro
Posted March 11, 2015

Upgrade your DLL to Reflective DLL

February 26, 2015
Ionut Popescu

If you want to execute code stealthily on a machine and the antivirus stands in your way, you should think about avoiding the disk because this is the place where the antivirus reigns.

In this scenario, you might find it useful to execute a DLL directly inside the address space of a running process without touching the disk. This will bypass the AV in a stealthy and powerful way.

To achieve this, all you need to do is upgrade your DLL to Reflective DLL.

Introduction

The antivirus can sometimes be a significant problem during a penetration test in the post-exploitation phase. For dealing with this issue, several strategies have been proposed:

- making use of the command line / PowerShell
- executing a program (EXE) from memory
- executing a DLL from memory

Sometimes the command line interface is severely limited.

Also, by executing a program from memory you may still run into problems with the antivirus; you might get away with it by making use of a crypter (a tool that encrypts an executable, decrypting it during execution and executing it from memory) but most of them are detectable.

Thus, you may find it useful to use a DLL instead of an EXE to do your job.

Full article: Upgrade your DLL to Reflective DLL – Security Café