Villain gets detected by windows defender #15
Comments
same issue |
I made a small update in the payload templates and it seems to do the trick again (for now). I will try to update the templates and improve the general functionality of Villain in time but there will be ups and downs, it's inevitable. I encourage you to look into AV evasion techniques both manually and by using automated tools, you can start by checking this repo out -> https://github.com/sinfulz/JustEvadeBro or some of the videos I've made. |
I am intentionally leaving this open indefinitely. |
@t3l3machus unfortunately, with the new Windows Defender update, same issue again |
You might "cypher" the string using a key? |
I made a video to give you ideas on how to bypass detection. I can update the templates or the auto-obf function but it's not worth it. https://www.youtube.com/watch?v=FVbdZSGkzhs |
Thank you for response. Your tool is very useful and great work! |
@edikiuspy thank you :)) |
@t3l3machus Nicely done on your explanation. |
@gaalos That was the goal at the beginning. It doesn't matter how complicated I make it, it will just keep getting flagged and at some point the payload will be burned. I have tried many other tricks (including various string operations, adding logical operators here and there, it doesn't work). |
@t3l3machus yes it's true ^^. |
@gaalos yeah I have already done it! I will update soon with an additional windows cmd payload template |
@t3l3machus Thx for your work! Your code makes me happy to explain some risks to my students :=) |
@rikda It will eventually get detected, you need to apply your own magic to bypass. |
if you want to bypass defender please try these techniques |
@t3l3machus when did you do the update about "
Hey @t3l3machus when did you update it with binary payload ? :p |
@gaalos haven't done such an update and don't intend to. Other things are in order for Villain (after I release a new tool probably next Monday) :) |
For me it's still working like a charm, but I'm wondering if there's a way to fix the payload to be able to work on OS Windows 8.1, it's giving me this |
convert your PowerShell script into EXE in 2 seconds watch the video - https://youtube.com/shorts/1uxvjBPqu7I?feature=share |
Thank you for your reply, but unfortunately converting ps to exe doesn't help to get the reverse shell working |
not working because it's just executing script, not a real BINARY/EXE File :) |
Does someone have the older version of villain? if yes can you guys send the file here pls |
The last version of Villain still gets detected by Windows Defender. The obfuscate function doesn't work for the netcat templates, I got this error "Ignoring unsupported arguments: OBFUSCATE" and adding the obfuscate attribute doesn't work either. Does someone know how I can make this work? |
Hey all, I use something like curl to ... and it works run.bat REM Replace the URL with the one you want to call REM Perform the curl request against the URL and store the output in a variable REM Execute the output stored in the variable as a command REM End the script or REM Replace the URL with the one you want to call REM Perform the curl request against the URL and store the output in a variable REM Execute the output stored in the variable as a command REM End the script @t3l3machus Maybe you can try to create cmd/powershell based on a curl call? |
I used obfuscate option but still got detected.