
Multi-Platform PE crypter.

  1. #1
    Sophie Pedophile Tech Support
    So maybe some of you have heard about this Python script called PeCloak. It's a crypter written by Mike Czumak from Security Sift. Basically, AV detection is reliant on file signatures, with limited application of sandbox/heuristic-based detection. Therefore, if you employ some sandbox-defeating techniques and encode your binary, you are able to defeat AV solutions. And that is exactly what PeCloak does. It's a neat little program useful in the deployment of malware.

    The original including the article can be found by clicking here.

    Recently, though, a GitHub user by the name of VPB has decided to expand on the original PeCloak by making his own fork. Now you can have this functionality no matter what platform you are on, and if I am not mistaken all the dependencies are delivered with the script once you download/clone it from the repo.

    Check it out here.

    https://github.com/v-p-b/peCloakCapstone
  2. #2
    -SpectraL coward [the spuriously bluish-lilac bushman]
    It's funny to see this pop up in 2017, when I already figured it all out back in the early '90s.
  3. #3
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL It's funny to see this pop up in 2017, when I already figured it all out back in the early '90s.

    The concept of a crypter is nothing new; what is worth mentioning about this one specifically is that it's written in Python, has a relatively simple encoding scheme, and still manages to defeat top-of-the-line AV solutions. Plus, with the new fork being multi-platform, this makes this tool a valuable asset to have in your cyber arsenal.
  4. #4
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Python came out in the early '90s too. All of this is nothing new. I recognize a good part of that code from the early days. The problem here is, AV companies catch on super fast. They have bot collectors out there working day and night, also submitters by the millions, and it doesn't take them long at all to identify the threat, and the AV software auto-updates. This will not stay 0day for very long, even as good as it is. Of course, it would still have limited use, and is not completely worthless.
  5. #5
    Sophie Pedophile Tech Support
    Originally posted by -SpectraL Python came out in the early '90s too. All of this is nothing new. I recognize a good part of that code from the early days. The problem here is, AV companies catch on super fast. They have bot collectors out there working day and night, also submitters by the millions, and it doesn't take them long at all to identify the threat, and the AV software auto-updates. This will not stay 0day for very long, even as good as it is. Of course, it would still have limited use, and is not completely worthless.

    The term 0day doesn't apply here, as it is not an issue of a flaw in any software that is targeted by this piece of kit. I believe the term you are looking for is FUD. In any event, while AV companies do have fast and easy access to the newest crypters on the scene, the fact remains that if you polymorphically encode your binary, signature detection will be rendered useless, since the manner in which it is encoded keeps changing. Combine that with sandbox evasion techniques and you'll go a long way towards remaining undetectable for a good deal of time.

    Anyway, there are some technical details that I won't go into right now but can be read in the article. If you really do know what's what, I'd suggest perusing it at your leisure; it offers some interesting insights into the technological underpinnings of this proof of concept.
  6. #6
    TreyGowdy Houston
    Originally posted by -SpectraL It's funny to see this pop up in 2017, when I already figured it all out back in the early '90s.

    Either contribute or we'll go off the assumption you can't even hack garter script.
  7. #7
    -SpectraL coward [the spuriously bluish-lilac bushman]
    Originally posted by TreyGowdy Either contribute or we'll go off the assumption you can't even hack garter script.

    You couldn't even put Crook Hillary away, and here you are taunting me about competency. Give me a break, Gowdy.