Electrical & Computer Engineering: Faculty Publications
Evading signature-based antivirus software using custom reverse shell exploit
Document Type
Conference Proceeding
Publication Date
3-10-2021
Publication Title
SoutheastCon 2021 Proceedings
DOI
10.1109/SoutheastCon45413.2021.9401881
Abstract
Antivirus software is considered to be the primary line of defense against malicious software in modern computing systems. The purpose of this paper is to expose exploitation that can evade Antivirus software that uses signature-based detection algorithms. In this paper, a novel approach was proposed to change the source code of a common Metasploit-Framework used to compile the reverse shell payload without altering its functionality but changing its signature. The proposed method introduced an additional stage to the shellcode program. Instead of the shellcode being generated and stored within the program, it was generated separately and stored on a remote server and then only accessed when the program is executed. This approach was able to reduce its detectability by the Antivirus software by 97% compared to a typical reverse shell program.
Recommended Citation
Johnson, Andrew, Rami J. Haddad. 2021. "Evading signature-based antivirus software using custom reverse shell exploit." SoutheastCon 2021 Proceedings: Institute of Electrical and Electronics Engineers Inc. doi: 10.1109/SoutheastCon45413.2021.9401881
https://digitalcommons.georgiasouthern.edu/electrical-eng-facpubs/187
Copyright
This work is archived and distributed under the repository's Standard Copyright and Reuse License. End users may copy, store, and distribute this work without restriction. For all other uses, permission must be obtained from the copyright owners or their authorized agents.
Comments
Georgia Southern University faculty member Rami J. Haddad co-authored "Evading signature-based antivirus software using custom reverse shell exploit."