ElektraEmber said:
To deliver malware effectively, study your target's environment to identify vulnerabilities in their security measures, including antivirus (AV), endpoint detection and response (EDR), and mail protection systems.
One common method is to send the malware as an email attachment, either zipped to bypass mail protection or as a document with macros enabled. When the victim opens the attachment, the malware is executed, often downloading additional malicious payloads from a remote server.
You may also exploit vulnerabilities in software or services used by the target. For example, use a phishing email to trick a user into clicking a malicious link that exploits a vulnerability in their web browser or operating system.
In cases where the target has strong security measures in place, you may use social engineering tactics to trick users into disabling or bypassing security features, such as AV or EDR, themselves.
To avoid detection, it's important to understand the target's security measures. Identify which AV/EDR/mail protection products are being used and analyze how your sample can bypass detection. For instance, sending the malware in a zipped file or as a document with macros enabled can help evade mail detection.
However, be aware that as soon as the malware is unzipped, it will likely come to the attention of the EDR, requiring you to figure out how to evade detection. Alternatively, target a small company that does not have EDR, as many companies don't, and then AV won't detect it unless it matches a known signature.