Meterpreter & Nginx Reverse Proxy — INTRODUCTION If you have been playing around with Meterpreter in highly monitored environments, you probably know that the plug-and-play options won’t work for you. …

Bypassing Windows Defender — Meterpreter edition — TOPICS MSFvenom payload creation Extra XOR layer Create DLL and Powershell Download Script Get a shell! Bypassing Windows Defender Last month, I wrote two articles about the proper use of SSL with Powershell Empire and SSL with Meterpreter. That alone (and some other magic) let us bypass most of the Antivirus products. However, since…

Bypassing Windows Defender — Empire edition — TOPICS Empire setup Magic to avoid detection Go go go! Bypassing Windows Defender Last month, I wrote two articles about the proper use of SSL with Powershell Empire and SSL with Meterpreter. That alone (and some other magic) let us bypass most of the Antivirus products. However, since a few weeks, Windows Defender seems…

Encrypting Empire traffic — TOPICS Register a domain Letsencrypt Empire Magic GO THE EXTRA MILE Stop being lazy. Stop using the default options that come with your favourite hacking tools. To avoid detection, you need play smart. Because believe it or not, Hunters (or: Blue Teamers) are becoming smarter every day. In this tutorial, I will not only focus…

Encrypting Meterpreter traffic — TOPICS Register a domain Letsencrypt Meterpreter Magic STOP USING DEFAULT SSL CERTIFICATES By default, Meterpreter creates custom SSL certificates to encrypt traffic between the target and your C2 server if you turn on SSL. However, these custom SSL certificates contain fingerprintable data that enables Hunters to easily detect your backdoor. Obviously, with SSL Termination (or SSL…