1
00:00:01,170 --> 00:00:09,330
Using msfvenom, you can create more complicated malware. Doing this, you may suppose it will not be

2
00:00:09,330 --> 00:00:12,710
easy for the security systems to recognize the malware.

3
00:00:13,590 --> 00:00:15,660
Look at the examples seen in the slide.

4
00:00:16,170 --> 00:00:19,980
You can use the -e parameter to encode the payload.

5
00:00:20,670 --> 00:00:27,810
You can use msfvenom -l encoders to see the list of encoders. With the -i parameter,

6
00:00:27,810 --> 00:00:30,210
you can encode the payload several times.

7
00:00:30,570 --> 00:00:32,430
In this example, it was 10 times.

8
00:00:33,300 --> 00:00:38,130
-k is used to preserve the template behavior and inject the payload as a new thread.

9
00:00:38,610 --> 00:00:45,270
If you use this option, the size of the output file becomes a bit bigger than the template file.

10
00:00:46,480 --> 00:00:51,340
But do not forget that you are still using a standard Metasploit payload.

11
00:00:52,940 --> 00:00:55,070
Let's take a closer look at the listener.

12
00:00:56,060 --> 00:01:02,150
If you use a payload with a reverse connection, also known as a connect back, you, the attacker,

13
00:01:02,150 --> 00:01:04,640
have set up a listener first on your box.

14
00:01:05,240 --> 00:01:09,820
The victim or target machine acts as a client connecting to that listener.

15
00:01:10,190 --> 00:01:12,770
And then finally, you receive the session.

16
00:01:14,120 --> 00:01:21,110
The exploit/multi/handler module of the Metasploit Framework is used to collect and manage multiple

17
00:01:21,110 --> 00:01:28,070
sessions from different platforms. You can see the detailed options of the handler using the show advanced

18
00:01:28,070 --> 00:01:28,610
command.

19
00:01:29,180 --> 00:01:35,510
If you set ExitOnSession to false, the handler continues to listen when an active session is killed.

20
00:01:36,940 --> 00:01:44,110
Set the same payload as the malware and set the option of the payload. If you run the handler using

21
00:01:44,110 --> 00:01:48,340
the exploit -j command, the handler runs in the background.

22
00:01:49,910 --> 00:01:52,460
When a session is opened, a message appears.

23
00:01:53,720 --> 00:01:57,680
Use the sessions -l command to list the active sessions.

24
00:01:59,300 --> 00:02:05,510
To activate a session, use the sessions -i command with the ID number of that session.

25
00:02:07,500 --> 00:02:11,310
You can use the background command to send the session to the background.

26
00:02:13,370 --> 00:02:21,950
Use sessions -k with the session ID to kill a session. If you use the -K (uppercase K) parameter, you

27
00:02:21,950 --> 00:02:23,930
kill all captured sessions.