Skip to content

Antivirus Sandbox Evasion (part2) – Slides

by foip on June 29th, 2012


Here is the PowerPoint presentation explaining the sandbox evasion technique, used in the part 1 of this story (see Antivirus Sandbox Evasion (par1)).


1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)


© 2012, foip. All rights reserved.

From → Hacking, Metasploit

  1. Fun and Good presentation !

  2. Great sharing !!! Thanks so much

  3. Teoz permalink

    Great presentation!
    I’ve tried an implementation based on your ideas but in my case Avira’s sandbox is always triggered because the signature is missing and the reputation it’s too low.
    My exe check if the tcp port 445 is reacheable, if not doesn’t executes the payload.
    After about 15s the sanbox terminates the program without threat warning but I’ve to manually add my exe to the exception list otherwise on the next run the situation is the same.

    Any suggestions? :-)

  4. GoodDog permalink

    Great Article! Pretty amazing :)

    Could you just explain to me the next code line in your home-made encoder :

    (*(void (*)()) (void*)lpAlloc)();

    This is to run the code stored in the allocated memory I presume but in details, I’m a little bit lost with all these Brackets… :)

    I’m not an expert in C and I’d like to understand.


Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS

© 2010-2024 Fun Over IP All Rights Reserved -- Copyright notice by Blog Copyright