Backdooring PE Files

by admin

Monday, November 20th, 2017 at 8:43 pm

Haider Mahmood has a nice write-up on his blog using a few different techniques to backdoor PE files, making them (hopefully) fully undetectable by anti-virus products. Some restrictions he set for the process were: not changing the functionality of the program itself, not increasing the file size, and avoiding other common techniques like msfvenom, Veil, and other crypters/packers. The techniques he covers to help reduce the AV detection rate are changing the PE's section header, code caves, and dual code caves. He goes over the pros and cons of each.
