Home Did you know ? Avoiding Anti-Virus Detection with Veil-Evasion

Avoiding Anti-Virus Detection with Veil-Evasion

by Unallocated Author

Veil-Framework is defined in Ryan Gandrud’s blog as,

“Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil Evasion which is used for creating payloads that can easily bypass Antivirus using known and documented techniques.”

For ethical hackers, evading AV software is a significant detail of success. If an anti-virus program is alerted of an attack, there is a higher likelihood of presenting further weaknesses. Even more, the execution itself would be pointless due to the exploit’s detectability.

Veil-Framework’s official website explains,

“Anytime that a professional pen tester, or red teamer, uses a tool on an assessment, your customer is trusting you to not introduce additional vulnerabilities into their network. When you create a backdoor through Veil-Evasion, or any other payload generator, you need to be sure that the payload you are creating connects back to you and only you.”

Fortunately, tools such as Veil-Evasion exist for this very reason. Designed to evade common antivirus solutions, Veil-Evasion utilizes the generation of payload executables. Although this is just a piece of the Veil Framework suite, it is one of the more useful tools in the overall Veil Superproject.

For Linux users, the installation and set-up is simple:

  • git clone https://github.com/Veil-Framework/Veil-Evasion.git
  • cd Veil-Evasion/setup/
  • ./setup.sh
  • Input Y when prompted
  • Follow Python installation prompts – choose yes when asked about overwriting files
  • Continue to follow the installation prompts until finished
  • To run Veil-Evasion, type: ./Veil-Evasion.py
The available commands included in Veil:
  • use – “use a specific payload”
  • info – “information on a specific payload”
  • list – “list available payloads”
  • update – “update Veil to the latest version”
  • clean – “clean out payload folders”
  • checkvt – “check payload hashes vs. VirusTotal”
  • exit – “exit Veil”

Getting the hang of the Veil Framework suite in general is a huge recommendation for novice hackers. Although the interface can take a bit of getting used to, there are more detailed guides available online.

You may also like