Dodging AV With Metasploit Payloads
I haven't been up to a lot lately. I'm finishing out my term with my current employer, getting equipment ready for Las Vegas, and thinking about the viability of a few personal projects.
I have, however, found time to do a little reading. Over at the SANS Reading Room there is a paper titled "Effectiveness of Antivirus in Detecting Metasploit Payloads" by Mark Baggett. This is a really solid paper with some great work done by Mark. Mark takes the reader from a basic payload, to customizing options, to making use of the msfencode functions, etc. In addition to the author's goals, this paper could serve as a great jumping-off point for pentesters wishing to make use of Metasploit payloads instead of, say, the CORE agent. I wouldn't call it deeply technical, but it does clearly illustrate some of the issues with today's antivirus solutions.
