Eplox/evador
IPS / IDS download evasion

Background

I was hired by a customer to run a malware phishing campaign, but had to improvise after a recon that uncovered:

  • The customer's email spam server was link-crawling
  • The customer has an IPS (Intrusion Prevention Firewall) with SSL inspection enabled
  • The IPS is able to unpack / decode multiple levels of compression
  • The IPS has both signature detection and sandboxing functionality
  • The IPS is also blocking known bad file extensions, such as bat, dll, jar, hlp and lnk

This prevented me from doing any attachment-based or standard download-related phishing, so I had to think outside the box. The solution was a JavaScript downloader, which first grabbed an encoded payload and loaded it into the DOM, then decoded it and saved the file locally on the victim's computer.

A proof of concept can be tested here: http://hisec.no/evador.html
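A defender-side check for the pattern described above, added here as an example and not code from the evador repository: it pulls the inline scripts out of an HTML response and flags pages where a client-side decoding primitive and a local-save primitive both occur, which is the co-occurrence an inspecting IPS or proxy could key on instead of relying on the file extension. The browser API names it matches and the two sample pages are my assumptions and constructed inputs.

```python
import re
from html.parser import HTMLParser

# Primitives a "fetch encoded payload, decode in the browser, save locally" page needs.
# These API names are my assumption about how such downloaders are commonly built,
# not taken from the evador repository.
DECODE = [r"\batob\s*\(", r"String\.fromCharCode", r"\bUint8Array\s*\("]
SAVE = [r"createObjectURL\s*\(", r"\.download\s*=", r"msSaveOrOpenBlob", r"new\s+Blob\s*\("]

class _ScriptCollector(HTMLParser):
    """Gather the text of every inline <script> element."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def inspect_html(html):
    """Return which decode/save primitives appear and whether both families co-occur."""
    p = _ScriptCollector()
    p.feed(html)
    js = "\n".join(p.scripts)
    decode = [x for x in DECODE if re.search(x, js)]
    save = [x for x in SAVE if re.search(x, js)]
    return {"decode": decode, "save": save, "suspicious": bool(decode and save)}

# Constructed samples: a page that decodes a DOM-embedded blob and triggers a save,
# and a benign page that only decodes a token for display.
SUSPECT = """<html><body><pre id="p">QUJD</pre><script>
var raw = atob(document.getElementById('p').textContent);
var a = document.createElement('a');
a.href = URL.createObjectURL(new Blob([raw]));
a.download = 'report.bin'; a.click();
</script></body></html>"""
BENIGN = """<html><body><script>
var claims = JSON.parse(atob(token.split('.')[1]));
</script></body></html>"""

if __name__ == "__main__":
    for name, page in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, inspect_html(page))
```

Decoding alone (the benign page) is not flagged; only the combination of decoding with a save primitive is, which keeps the false-positive rate manageable on ordinary web apps.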

About

IDS/IPS malware download evasion
