fix: now at 0/40 detections back again
@@ -5,15 +5,13 @@ I will not provide any support for running the program, it is only made for peop
# Limitations
patate crypter officially supports 32bit DLLs and PEs. It might be possible to add x64 bit support without too much issues, but i never tried, maybe one day.<br>
The crypter will link the library dynamically by default because statically linking the MSVC default librairies cuases the detections to go from 0/40 to 5/40 (see below).<br>
There is an issue where the reallocations would fail for specific payloads, TOFIX.<br>
There is code in the `metadata.py` file to generate random BMP images in the metadata of the PE but it makes the entropy go way to high (from 6.4 to 7.4) (see [link](https://practicalsecurityanalytics.com/file-entropy/)).
# Detection rate
There is currently 0/40 detections for a crypted meterperter :
- [original](https://kleenscan.com/scan_result/c6ee0a65f7b88ff709b003357ba9e21a2c1488ad7c6f2314d00bdae45d542df8)
- [crypted (dynamically linked)](https://kleenscan.com/scan_result/be8a5e779c0269d2a87d9345118e180162852c4ed70e18f17838da8f879e87ae)
- [crypted (statically linked)](https://kleenscan.com/scan_result/0b65052a51ce5d3f7807fdae4c7ffc1c45f2868ab41f9073c3bd479b2c86b2a8)
- [original meterpreter](https://www.kleenscan.com/scan_result/6ea55d54a947393082f524215c28185ef90a7ec9cb9c50f25c555715b61b0e3e)
- [crypted](https://www.kleenscan.com/scan_result/697277eeddc7cf01ffc81430e3c549488e3a96970edb9ec8d96860d9135eac54)
# How does it work ?
The crypter (compile time) works by :
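Review bot: The Limitations sentence on static linking points the reader to "(see below)" for the 0/40 versus 5/40 figures, yet the Detection rate list in this hunk shows both a three-link set (original, dynamically linked, statically linked) and a two-link set (original meterpreter, crypted). Whichever set remains after this change, the README should still back the static-linking number with a result link, or the "(see below)" pointer should be dropped. The "0/40" claim would also be easier to verify with the scan date stated beside it, since a scan result is a point-in-time measurement. The lines in this hunk also carry typos worth fixing in the same pass: "librairies cuases", "meterperter" and "way to high".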