Zexplo Penetration Testing Toolkit

The document provides an overview of Zexplo Penetration Testing Toolkit, which injects code into running processes to bypass antivirus detection. It works by dividing code into two parts - the core code stored in a file and an interface that injects the code into a process. This allows the code to bypass antivirus software by avoiding detection as a malicious executable file. The document outlines the concept and working of the toolkit and provides a demo.

Uploaded by: Vinay Bhandari
License: Attribution Non-Commercial (BY-NC)

Zexplo Penetration Testing Toolkit

Guided by: Dr. R.K. Tyagi
By: Rohit Tehlan, Vinay Bhandari, Amit Malik
Agenda (Module #1)
• Overview
• Purpose
• Working
• Concept
• Encoder
• Demo
Overview
• Inject code into a running process
• Bypass antivirus
• Backdoor a process

Purpose
• Bypass antivirus (completely)
• Post-exploitation phase
• Flexibility
• Generic solution
Working
Divided into two parts:
• Code (in a file)
• Interface (a mechanism that will inject code into a process)

[Diagram with labels: Code (File), Interface, Explorer, FireFox, Avast]
Concept
Executable files (.EXE)
• Code (high/mid-level language)
• Compiler
• Linker

[Diagram: CODE → Compiler → Linker → .EXE]
Executable Detection (Top Level View)

    if (DetectSignaturePacker())
        start emulator or virtual environment
    else
        if (DetectSignatureMalware())
            print "Aila.. Malware"
        else
            print "Clean"
Antivirus Evasion
Divide the EXE into two parts (not physically):
• The core code, in a file (may be a .txt)
• The interface, which will inject the code into the process
• How does it bypass AV?
Encoder
• Written in assembly
• Three-layer XOR encoding
• Simple jmp/call decoding routine

Improvements Needed
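The Python below is an editor's added example, not code from the Zexplo toolkit or from these slides. It models the detection decision tree from the Concept slide (the function names mirror the slide's DetectSignaturePacker and DetectSignatureMalware) and then shows, from the scanner's side, why a constant-byte XOR layer like the one the Encoder slide describes only defeats a naive byte-signature match: a 256-key search recovers the signature. Every signature and sample byte string is a constructed placeholder. One caveat on the "three layers": stacking constant-byte XOR layers collapses to a single XOR with k1 ^ k2 ^ k3, so the same search applies when every layer uses one fixed byte; layers with position-dependent keys are outside this example.

```python
"""Toy model of the signature-scan decision tree from the slide, extended with a
single-byte XOR key search of the kind scanners use to see through simple
encoders. All signatures and sample bytes are constructed for illustration."""
from typing import Optional

# Constructed "signatures" known to the toy scanner (not real AV signatures).
PACKER_SIGNATURES = {b"CONSTRUCTED_PACKER_STUB"}
MALWARE_SIGNATURES = {b"EVIL_PAYLOAD_MARKER"}


def detect_signature_packer(data: bytes) -> bool:
    """Slide's DetectSignaturePacker(): any known packer marker present?"""
    return any(sig in data for sig in PACKER_SIGNATURES)


def detect_signature_malware(data: bytes) -> bool:
    """Slide's DetectSignatureMalware(): any known malware marker present?"""
    return any(sig in data for sig in MALWARE_SIGNATURES)


def classify(data: bytes) -> str:
    """The slide's decision tree: packer check first, then malware signature."""
    if detect_signature_packer(data):
        return "emulate"      # slide: start emulator or virtual environment
    if detect_signature_malware(data):
        return "malware"      # slide: "Aila.. Malware"
    return "clean"


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one constant key (its own inverse)."""
    return bytes(b ^ key for b in data)


def find_xor_key_for_signature(data: bytes) -> Optional[int]:
    """Try all 256 single-byte keys; return the key under which a known
    malware signature appears, or None. Exhausting 256 candidates is cheap,
    which is why a constant-byte XOR layer is a weak hiding step."""
    for key in range(256):
        if detect_signature_malware(xor_single_byte(data, key)):
            return key
    return None


def classify_with_xor_search(data: bytes) -> str:
    """Slide's decision tree plus the XOR key search on 'clean' verdicts."""
    verdict = classify(data)
    if verdict != "clean":
        return verdict
    if find_xor_key_for_signature(data) is not None:
        return "malware (xor-encoded)"
    return "clean"


# Constructed sample: a "payload" carrying the marker, then the same bytes
# hidden under one constant-byte XOR layer with key 0x5A.
PLAIN_SAMPLE = b"\x90\x90EVIL_PAYLOAD_MARKER\xc3"
ENCODED_SAMPLE = xor_single_byte(PLAIN_SAMPLE, 0x5A)

if __name__ == "__main__":
    print("plain sample:  ", classify(PLAIN_SAMPLE))            # malware
    print("encoded sample:", classify(ENCODED_SAMPLE))          # clean
    print("with key search:", classify_with_xor_search(ENCODED_SAMPLE))
    print("recovered key: ", hex(find_xor_key_for_signature(ENCODED_SAMPLE)))
```

Running the module prints the three verdicts: the plain sample is flagged, the encoded sample slips past the naive signature match, and the key search flags it again and reports key 0x5a. The generalisation a defender takes from this is that the encoding layer hides the bytes from a literal match but not from a scanner that is willing to spend 256 decode attempts per sample.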
DEMO