How To Bypass FULLY Updated Windows Defender & Windows 11 With Nim for a STABLE Reverse Shell

  • Added 14. 07. 2024
  • Join the Hack Smarter community: hacksmarter.org
    In this video, I demonstrate how to compile malicious code written in Nim into a .exe Windows Binary that spawns a stable reverse shell when clicked on by a user.
    This bypass is working on fully updated versions of Windows 11 running the latest Defender signatures as of November 27th, 2023.
    Enjoy!
    (Here's the reverse shell I used in the video: github.com/Sn1r/Nim-Reverse-S...)
  • Science and technology

Comments • 31

  • @ITSecurityLabs 7 months ago +2

    This is awesome Tyler! I am glad it still works. I just created another nim loader that can reach out and execute the payload in memory from a remote server. Amazing stuff!

  • @egg6628 7 months ago

    Amazing tutorial, great job. It worked perfectly for me and I was looking for something like this for a while and this is the first thing that worked. Thank you and amazing work.

  • @eto895 7 months ago

    good video and new knowledge for me. TQ

  • @edwardvanbiljon5103 7 months ago

    Thanks Tyler, love your videos. I tested this out on Windows Server 2022 that has Defender fully running and up-to-date and I performed the same steps, Defender didn't pick me up.

  • @takurox644 5 months ago +3

    it was working but it seems like the nim reverse shell code isn't working anymore

  • @user-ku7du6bj5m 6 months ago

    I tested your video about scarecraw, it works on Win11 OK, but on updated Windows Server it's not working anyway...
    So, what do you think about these tools?
    Is Windows Defender different in Win11 vs Windows Server?
    Does this new tool work on Windows Server?
    By the way, thanks for your videos... very cool

  • @mergimrrahmani7237 7 months ago

    This is only unnoticed if you download it via powershell but if I download it via my apache2 server it is recognised immediately, is there a solution for this?

  • @omarsamy122 4 months ago

    How to append the payload to my Python script for buffer overflow in bytes

  • @AnonymousProgrammerr 6 months ago +1

    It's working 🔥🔥

  • @MathisPizza 6 months ago +1

    But how to make it persistent, like if the user restarts Windows we get the connection back

    • @TylerRamsbey 6 months ago

      There are a lot of ways for persistence once you have a shell. I'd recommend the Red Team Pathway on TryHackMe for learning more.

  • @Sam-nC1mf 7 months ago

    Hey, what are the coding languages we are supposed to learn to become a better hacker? Great video as always

  • @kiandoesjoke3442 11 days ago

    still working?

  • @karanprasadbhatt 6 months ago +2

    Windows Defender is able to detect this. I have just tested.

    • @TylerRamsbey 6 months ago +1

      Good to know! AV evasion is a cat & mouse game. It looks like they have added this, so now the fun is bypassing it again :)

    • @karanprasadbhatt 6 months ago +3

      @TylerRamsbey And now, it is functioning precisely as demonstrated in the video after some modifications to the program, such as adjusting the function name, substituting 'const' for 'var' to declare constants, and modifying certain variable names and adjusting format and comments. Thank you. :)

    • @juli4game426 6 months ago

      @karanprasadbhatt please share your edited code with us :) 🎉

  • @simosafi1406 7 months ago

    Is it possible to hack with a one-click link?

    • @Karl2Peter 7 months ago +1

      Target has to run it. No.

  • @Gr33n37 7 months ago

    A hack in a few minutes

  • @Eric-the-wise 5 months ago

    Doesn’t work

    • @TylerRamsbey 5 months ago +2

      AV Evasion is a cat & mouse game. Generally the bypasses only work for a month or two.

  • @igornemorssa2936 5 months ago +1

    Defender detects, good joke 😂

    • @TylerRamsbey 5 months ago +3

      As I said, it's a cat and mouse game. AV bypasses only work for a limited time, which is why I included the date information. Before insulting a video, do research on AV Evasion.

  • @New_Zero_ 7 months ago

    Program 'a.exe' failed to run: The file or directory is corrupted and unreadable
    At line:1 char:1
    + ./a.exe
    + ~~~~~~~.
    At line:1 char:1
    + ./a.exe
    + ~~~~~~~
    + CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
    + FullyQualifiedErrorId : NativeCommandFailed

  • @howtodefeatgangstalking 3 months ago

    From a shell I found a way to then upload a meterpreter windows payload and get a full shell and bypass defender doing it.

  • @howtodefeatgangstalking 3 months ago

    What would be really impressive. If you could disguise it as a pdf.