1
00:00:01,200 --> 00:00:09,360
Using msfvenom, you can create more complicated malware. Doing this, you may suppose it will not be

2
00:00:09,360 --> 00:00:12,740
easy for the security systems to recognize the malware.

3
00:00:13,620 --> 00:00:15,690
Look at the examples seen in the slide.

4
00:00:16,200 --> 00:00:20,010
You can use the -e parameter to encode the payload.

5
00:00:20,700 --> 00:00:27,810
You can use msfvenom -l encoders to see the list of encoders. With the -i parameter,

6
00:00:27,810 --> 00:00:30,240
you can encode the payload several times.

7
00:00:30,600 --> 00:00:32,460
In this example, it was 10 times.

8
00:00:33,300 --> 00:00:38,160
-k is used to preserve the template behavior and inject the payload as a new thread.

9
00:00:38,650 --> 00:00:45,270
If you use this option, the size of the output file becomes a bit bigger than the template file.

10
00:00:46,510 --> 00:00:51,370
But do not forget that you are still using a standard Metasploit payload.

11
00:00:52,970 --> 00:00:55,100
Let's take a closer look at the listener.

12
00:00:56,110 --> 00:01:02,170
If you use a payload with a reverse connection, also known as a connect back, you, the attacker,

13
00:01:02,170 --> 00:01:04,660
have to set up a listener first on your box.

14
00:01:05,290 --> 00:01:09,850
The victim or target machine acts as a client connecting to that listener.

15
00:01:10,210 --> 00:01:12,790
And then finally, you receive the session.

16
00:01:14,140 --> 00:01:21,130
The exploit/multi/handler module of the Metasploit Framework is used to collect and manage multiple

17
00:01:21,130 --> 00:01:28,090
sessions from different platforms. You can see the detailed options of the handler using the show advanced

18
00:01:28,090 --> 00:01:28,630
command.

19
00:01:29,220 --> 00:01:35,530
If you set ExitOnSession to false, the handler continues to listen when an active session is killed.

20
00:01:36,960 --> 00:01:44,160
Set the same payload as the malware and set the options of the payload. If you run the handler using

21
00:01:44,160 --> 00:01:48,360
the exploit -j command, the handler runs in the background.

22
00:01:49,940 --> 00:01:52,490
When a session is opened, a message appears.

23
00:01:53,770 --> 00:01:57,700
Use the sessions -l command to list the active sessions.

24
00:01:59,330 --> 00:02:05,540
To activate a session, use the sessions -i command with the ID number of that session.

25
00:02:07,520 --> 00:02:11,330
You can use the background command to send the session to the background.

26
00:02:13,400 --> 00:02:21,980
Use sessions -k with the session ID to kill a session. If you use the uppercase -K parameter, you

27
00:02:21,980 --> 00:02:23,960
kill all captured sessions.

