This blog is intended to show how to bypass the anti-virus detection using the Veil framework, as it is a collection of options designed for use during penetration testing. It currently consists of the next modules −
Veil-Evasion − a tool to create antivirus-evading payloads doing a kind of methods and languages Veil-Catapult − a psexec-style payload control system that integrates Veil-Evasion Veil-PowerView − a PowerShell device to gain network situational information on Windows domains Veil-Pillage − a modular post-exploitation framework that merges Veil-Evasion
What is a veil framework?
Based on python, the Veil-Framework is one of the most familiar devices for Anti-Virus deception. You can perform many various Metasploit payloads in c, python, ruby, PowerShell and more. The advantage of this tool is that you can join up a layer of encryption to your payloads. With the right optimization, you can bypass some general AV solutions.
To install the Veil- Framework, you are ready to configure the updated Python packages into your device.
How to Install veil framework?
The most important point to remember is that the installation must be enabled with superuser privileges. If you are not using the root account, prepend syntax with sudo or change to the root user before starting. The Veil-Framework is a spectacular tool for avoiding payload detection by the anti-virus software. To install it, you are first required to enable it from Github and execute the below commands.
git clone https://github.com/Veil-Framework/Veil.git cd Veil/ ./config/setup.sh --force --silent
How to generate payload?
Step-1: Now, choose the operation Evasion from the list as happens to generate the payload;
Step - 2: To record all the available payloads, choose the list option as usual which will show all the available payloads.
Step - 3: Now, choose your payload using the use syntax
Step - 4: At last, after choosing the payload, choose the py2exe option and hit the create command to generate the desired FUD payload
You can simply see that the runme.bat fully undetectable virus is created and stored in the /usr/share.veil-output/source directory.
If you have any doubt about the veil framework don’t hesitate to contact us through the given email. Airzero sec will be your digital partner.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/