Zexplo Penetration Testing Toolkit

Guided By: Dr. R.K. Tyagi

By: Rohit Tehlan, Vinay Bhandari, Amit Malik

Agenda (Module #1)
  - Overview
  - Purpose
  - Working
  - Concept
  - Encoder
  - Demo

Overview
  - Inject code into a running process
  - Bypass antivirus
  - Backdoor a process

Purpose
  - Bypass antivirus (completely)
  - Post-exploitation phase
  - Flexibility
  - Generic solution

Working
  Divided into two parts:
  - Code: the payload, stored in a file
  - Interface: a mechanism that injects the code into a process
  [Diagram: the Interface reads the Code file and injects it into a target process such as Explorer, Firefox or Avast]

Concept
  - Executable files (.EXE) are produced from source:
    Code (high- or mid-level language) -> Compiler -> Linker -> .EXE
  [Diagram: CODE -> Compiler -> Linker -> .EXE]

Executable Detection (Top-Level View)
  if (DetectSignaturePacker())
      start emulator or virtual environment
  else if (DetectSignatureMalware())
      print "Aila.. Malware"
  else
      print "Clean"

Antivirus Evasion
  - How does it bypass AV?
  - Divide the exe into two parts (logically, not physically):
    - The core code, kept in a file (may be a .txt)
    - The interface, which injects that code into the process
  - Neither part on its own looks like the original executable, so a scanner keyed to the full .EXE sees nothing to match.

Encoder
  - Written in assembly
  - Three-layer XOR encoding
  - Simple jmp/call decoding routine
  - Improvements needed
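The encoder slide and the "Executable Detection" slide describe the same idea from two sides: a signature scanner matches fixed byte patterns, and an encoder transforms those bytes so the pattern is no longer present until a small stub decodes them in memory. The following C program is an added example written for this page, not code from the Zexplo toolkit, which implements its encoder in assembly and does not document its key scheme. Everything here is an assumption: the three layers (a constant key, a ciphertext-feedback rolling key, and a position-dependent key), the key values, the constructed sample bytes and the toy signature. It shows the round trip, shows that the signature matches the plain buffer but not the encoded one, and shows the caveat that three layers of constant-key XOR collapse into a single XOR and therefore add nothing against a scanner that brute-forces one byte.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical key layout (assumption; the deck does not give its scheme):
 *   layer 1: XOR with constant byte k1
 *   layer 2: XOR with a rolling key seeded by k2, fed back with each layer-2 output byte
 *   layer 3: XOR with a position-dependent key (k3 + index) mod 256            */
typedef struct { uint8_t k1, k2, k3; } xor3_key;

/* Constructed sample "code" and a constructed 5-byte signature inside it.
 * These are stand-in bytes for illustration, not a real payload or AV signature. */
static const uint8_t SAMPLE_CODE[16] = {
    0x90, 0x90, 0x90, 0x90, 0xcc, 0xde, 0xad, 0xbe,
    0xef, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
static const uint8_t SIGNATURE[5] = { 0xcc, 0xde, 0xad, 0xbe, 0xef };
static const xor3_key DEMO_KEY = { 0x41, 0x17, 0x5a };

void xor3_encode(uint8_t *buf, size_t n, xor3_key k) {
    uint8_t roll = k.k2;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = buf[i] ^ k.k1;          /* layer 1: constant key            */
        b ^= roll;                          /* layer 2: rolling key             */
        roll = b;                           /* feedback: next key = this output */
        b ^= (uint8_t)(k.k3 + i);           /* layer 3: position-dependent key  */
        buf[i] = b;
    }
}

/* Inverse of xor3_encode; layers are undone in reverse order. In the real tool
 * this logic lives in an assembly stub that locates the encoded bytes with the
 * classic jmp/call/pop trick (call pushes the payload address, pop retrieves it). */
void xor3_decode(uint8_t *buf, size_t n, xor3_key k) {
    uint8_t roll = k.k2;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = buf[i] ^ (uint8_t)(k.k3 + i);  /* undo layer 3 */
        uint8_t next_roll = b;                     /* layer-2 output, needed as next key */
        b ^= roll;                                 /* undo layer 2 */
        roll = next_roll;
        b ^= k.k1;                                 /* undo layer 1 */
        buf[i] = b;
    }
}

/* Minimal signature scanner: 1 if sig occurs anywhere in buf, else 0. */
int signature_found(const uint8_t *buf, size_t n, const uint8_t *sig, size_t m) {
    if (m == 0 || n < m) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, sig, m) == 0) return 1;
    return 0;
}

/* 1 if decode(encode(SAMPLE_CODE)) == SAMPLE_CODE. */
int demo_roundtrip(void) {
    uint8_t buf[sizeof SAMPLE_CODE];
    memcpy(buf, SAMPLE_CODE, sizeof buf);
    xor3_encode(buf, sizeof buf, DEMO_KEY);
    xor3_decode(buf, sizeof buf, DEMO_KEY);
    return memcmp(buf, SAMPLE_CODE, sizeof buf) == 0;
}

/* 1 if the signature is absent from the encoded buffer. */
int demo_signature_hidden(void) {
    uint8_t buf[sizeof SAMPLE_CODE];
    memcpy(buf, SAMPLE_CODE, sizeof buf);
    xor3_encode(buf, sizeof buf, DEMO_KEY);
    return !signature_found(buf, sizeof buf, SIGNATURE, sizeof SIGNATURE);
}

/* Returns byte i of the encoded sample, for inspection. */
int encoded_byte(size_t i) {
    uint8_t buf[sizeof SAMPLE_CODE];
    memcpy(buf, SAMPLE_CODE, sizeof buf);
    xor3_encode(buf, sizeof buf, DEMO_KEY);
    return i < sizeof buf ? buf[i] : -1;
}

/* Caveat: three constant-key XOR layers are one XOR with k1^k2^k3.
 * Returns 1 when the two computations agree for every byte value. */
int constant_layers_collapse(uint8_t k1, uint8_t k2, uint8_t k3) {
    for (int v = 0; v < 256; v++)
        if ((((uint8_t)v ^ k1) ^ k2 ^ k3) != ((uint8_t)v ^ (uint8_t)(k1 ^ k2 ^ k3)))
            return 0;
    return 1;
}

int main(void) {
    printf("round trip ok: %d\n", demo_roundtrip());
    printf("signature in plain: %d, in encoded: %d\n",
           signature_found(SAMPLE_CODE, sizeof SAMPLE_CODE, SIGNATURE, sizeof SIGNATURE),
           !demo_signature_hidden());
    printf("constant layers collapse: %d\n", constant_layers_collapse(0x41, 0x17, 0x5a));
    return 0;
}
```

The feedback in layer 2 is what keeps the three layers from collapsing: the key for byte i depends on the ciphertext of byte i-1, so the same plaintext byte encodes differently at different positions and a one-byte brute force no longer recovers the whole buffer. Note that none of this helps against the emulator branch of the detection pseudocode above: an engine that runs the decoder stub sees the original bytes, which is why the deck lists "improvements needed".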