This video from DerbyCon discusses the basics of the AV evasion problem: which techniques work, which ones don't, and why. The talk has a particular focus on AV evasion as it relates to Metasploit payloads.
Author: David Maloney is a Senior Software Engineer on the Metasploit team at Rapid7.