Can this BYPASS Windows Defender???

Thanks! And thanks for watching 😀👍

Thank you very much! 😀

Thanks, Wayne!

Thanks! I'm glad you enjoyed it 😃

Great question! So some of it is golang, although a lot of malware is written using go so sometimes even a simple "hello, world!" app will get flagged as malicious. The other things that helps this work are the obfuscations and the fact that most of the "malicious" stuff is executed in memory. I didn't go crazy with the obfuscations, or with using techniques that would help it avoid behavioral detections, but I plan on continuing to refine this so that it can take on the modern EDR/XDR systems. 👍

Happy Monday, bro! Hope you enjoy the video 😃

Thanks for watching and commenting 💯👍

Priv esc can be fun LOL! Here's a great github repo with a ton of great Windows Priv Esc techniques, tools, and articles to help you in the mean time. github.com/emilyanncr/Windows-Post-Exploitation#privilege-escalation-guides/wiki

Thanks! Glad you liked it ☺️

Thanks 😀👍

Good eye! Technically I didn't switch. I still run Parrot, but for this script I had been building it on my Zorin workstation, so I just used remote-desktop to show the screen for the video. I do have plans to make a new video about Pentesting/security-focused distros and have discovered a new-to-me distro that has really impressed me. 😉👍

Sure thing! It bypasses Defender by utilizing a few techniques.
1) updater.exe doesn't necessarily do anything malicious. It just downloads a file from a web server.
2) since it is custom built Defender doesn't have a signature for it
3) the "malicious" payloads are never written to disk
4) one of the payloads bypasses AMSI
5) the payloads are utilizes obfuscations like string encoding and concatenation
Not sure if it will bypass other AV systems, but I'd love to hear the results from you if you end up testing them 👍💯

Hey @firosiam7786
That course is indeed behind the ACI Learning paywall, but is well worth the ticket price. Mike Saunders did a masterful job of explaining and demonstrating the AV-bypass techniques he uses as the Principal Security Consultant/Red Team Lead for Red Siege. Great stuff!

Thanks for the support 😀👍

I feel your pain. I too am not a great developer and building this bypass was a bit of a struggle for me, but I loved every minute of it (well maybe not EVERY minute LOL) and I learned a lot.
So, the best advice I have is, don't look for the shortcut. Don't rob yourself of the knowledge and experience that comes from struggling through a problem and learning/failing your way out of it.
I'm not saying you shouldn't ask for help, but don't look for the "easy way" while you're learning. Put the time and effort into making sure you understand what it is you're trying to do and eventually you won't have to label yourself as "not a great developer" (even though you probably will any way. DAMN YOU, IMPOSTER SYNDROME!!!)
All that said, feel free to check out my code and just modify it for your bypass. Looking at other's code is a great way to learn at a faster pace. I'd even suggest you lean on AI a bit. Since you're learning it can be much faster to learn how to do something using AI, then it is to scour stackoverflow or sift through a book, or hit the right link on the google results page. Just make sure that you're not just doing a straight up copy/paste job without understanding what's going on and filling in the gaps with books,videos,tutorials,etc.
Well I hope that helps you out. Now go write some crappy code and then keep massaging it until it does the thing :)
Cheers!

That was quick. All good things come to an end I guess. Thanks for the head's up.

Hi and thanks for watching! I'm not 100% sure about what you're asking me, but I'll attempt to answer based on what I think you're asking.
So, I'm just using Metasploit to catch the reverse shell, which is just the good old "exploit/multi/handler" module.
I think what you're referring to is the spot in the video right before we jump to Metasploit (6:26 - 6:46). That is a custom app I built using Golang(SecUp.go). It attempts to automate some of the deployment of the "malicious" payloads and runs a web server.
I hope that clears things up for you.
Cheers!

True. That said, this was more of a learning experience for me and a simple proof-of-concept. I do plan on refining it to the point that it can take on those big boy defenders though, so wish me luck 🍀🤞😁

@@daniellowrie xoxoxo definitely worth the watch and you always bring top notch content ….

@@xoxoxo-42 I really appreciate your kind words! And thanks so much for watching 💯👍

I would first attempt to execute on a different target to see if the problem is with the app or the OS. I did a quick google search for "this app can't run on your pc" and it looks like this might be a common issue for folks running Windows 11. You could possibly try tweaking the code and/or changing compile options as well. I hope that helps

Thanks for letting me know. I guess It just goes to show how quickly these things get signatured and that we need to constantly be updating our kit.

So sorry to hear that! Are you getting an error?

​yes sir, "this app can't run on your PC" error comes😢why that..@@daniellowrie

It needs to have a valid cert signature with a CA. You can self sign but windows doesn’t like unsigned exe’s