Evading Antivirus Software Detection Using Python and PowerShell Obfuscation Framework

Umar Aditiawarman, Alfian Dody, T. Mantoro, H. A. Maarif, Anggy Pradiftha
DOI: 10.30812/matrik.v22i3.3088 (https://doi.org/10.30812/matrik.v22i3.3088)
Journal: MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, volume/issue as listed: 81 1
Publication date: 2023-07-14, journal article
Indexing source: Semantic Scholar
Citations: 0

Abstract

Avoiding antivirus detection during penetration testing activities is tricky. The simplest, most effective, and most efficient way is to disguise the malicious code. However, the obfuscation process is very complex and time-consuming if done manually. To solve this problem, many tools and frameworks available on the internet automate the obfuscation process, but the open question is how effective such obfuscation tools are at avoiding antivirus detection. This study aimed to provide an overview of the effectiveness of obfuscation frameworks in avoiding antivirus detection. It used an experimental design to test and determine the effectiveness of the payload obfuscation process. The first step was generating Python and PowerShell payloads, followed by the obfuscation process. The results showed that, with the right obfuscation method, the malware could become completely undetectable. The automated obfuscation process also did not degrade the malware's function: it was proven that the malware could still run and open a connection back to the server. These findings call for further work with more Python obfuscator techniques to determine the effectiveness of the obfuscated payload on target machines using both static and dynamic analysis.
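The abstract's two claims, that a wrapped payload slips past a signature check while still running unchanged, can be reproduced on a small scale. The following is an added example written for this page, not code from the paper or from the obfuscation framework it evaluated: the nested base64+zlib+exec wrapper is an assumed generic stand-in for whatever that framework emits, the payload is a constructed benign script (it only returns the address it would connect to, and opens no socket), and the names `obfuscate`, `static_scan`, `unwrap`, `execute` and `demo` are hypothetical. It contrasts a naive string-signature scan with a static unwrapper and with execution in a sandboxed namespace, which is the static-versus-dynamic distinction the abstract closes on.

```python
import base64
import re
import zlib

# Constructed stand-in for the reverse-shell payload the study generated.
# It never touches the network: beacon() only reports where it *would* connect.
ORIGINAL_PAYLOAD = (
    "# constructed benign payload: no socket is opened\n"
    "TARGET = ('10.0.0.1', 4444)\n"
    "def beacon():\n"
    "    return 'socket.connect to %s:%d' % TARGET\n"
)

# Strings a naive signature scanner would look for in the plain payload.
PAYLOAD_SIGNATURES = ("socket.connect", "10.0.0.1")
# Strings that betray the wrapper itself, whatever it hides.
WRAPPER_INDICATORS = ("exec(", "b64decode", "zlib.decompress")

# Assumed generic wrapper (compress, base64-encode, exec on load); not the study's tool.
WRAPPER = "import base64,zlib;exec(zlib.decompress(base64.b64decode(b'%s')))"
WRAPPER_RE = re.compile(
    r"import base64,zlib;exec\(zlib\.decompress\(base64\.b64decode\(b'([A-Za-z0-9+/=]+)'\)\)\)"
)


def obfuscate(source: str, layers: int = 3) -> str:
    """Wrap `source` in `layers` nested compress+encode+exec stages."""
    for _ in range(layers):
        blob = base64.b64encode(zlib.compress(source.encode())).decode()
        source = WRAPPER % blob
    return source


def static_scan(source: str, patterns=PAYLOAD_SIGNATURES) -> list:
    """Model of a signature-based scanner: plain substring matching, in pattern order."""
    return [p for p in patterns if p in source]


def unwrap(source: str):
    """Statically peel the wrapper layers without executing anything.

    Returns (recovered_source, layers_removed); a non-wrapped input comes back unchanged.
    """
    layers = 0
    while True:
        m = WRAPPER_RE.fullmatch(source)
        if m is None:
            return source, layers
        source = zlib.decompress(base64.b64decode(m.group(1))).decode()
        layers += 1


def execute(source: str) -> dict:
    """Run the script in a fresh namespace and return what it defined.

    Each nested exec() stage has no explicit globals, so it runs in `ns` too.
    """
    ns = {}
    exec(source, ns)
    return ns


def demo(layers: int = 3) -> dict:
    """Compare signature scanning, static unwrapping and execution on one payload."""
    obf = obfuscate(ORIGINAL_PAYLOAD, layers)
    recovered, peeled = unwrap(obf)
    return {
        "plain_hits": static_scan(ORIGINAL_PAYLOAD),
        "obfuscated_hits": static_scan(obf),
        "wrapper_hits": static_scan(obf, WRAPPER_INDICATORS),
        "layers_peeled": peeled,
        "recovered_matches": recovered == ORIGINAL_PAYLOAD,
        "still_functional": execute(obf)["beacon"]() == execute(ORIGINAL_PAYLOAD)["beacon"](),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the two sides of the abstract's result: the payload signatures vanish from the wrapped script while `beacon()` still returns the same value, so function is preserved. It also shows the caveat a practitioner cares about: the wrapper has a signature of its own (`exec(`, `b64decode`, `zlib.decompress`), and anything that either peels the layers statically or inspects the script at execution time sees the original content again. A test against a single static scan therefore says little about detection once dynamic analysis is included.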