[OSCP] Antivirus Evasion - Detection Methods
- 2024. 12. 10.
1. Which AV engine is responsible for translating machine code into assembly?
--> Disassembler
2. Which AV detection method makes use of an engine that runs the executable file from inside an emulated sandbox?
--> Behavioral Detection
3. Start up VM #1 and connect via RDP to the Windows 11 machine with the provided credentials. On the user's desktop you will find a PE file named malware.exe. In order to get the flag, upload the malware sample to http://www.virustotal.com and once the analysis has completed check the metadata present in the BEHAVIOR tab.
--> OS{01d15aa06fe1d4f67af0311cd27a5fff}
xfreerdp /u:offsec /p:lab /v:192.168.152.61 /drive:share,/home/kali
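Question 3 seems to be asking you to learn the command for accessing the running VM and moving the file over to Kali.
Connect with the command above, move the file, upload it to VirusTotal, check the results, and you are done.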