Initial Access - Phishing Payload Preparation with Windows Defender Bypass
- added on 24 July 2024
- Be better than yesterday -
This video provides a high-level introduction to Initial Access, the tactic whose objective is to gain an initial foothold in the target environment. It then demonstrates and discusses payload preparation for phishing campaigns used to gain initial access to a victim's machine.
An undetected .EXE payload, followed by a .DLL payload, was developed that executes a Covenant C2 HTTP implant. The video then shows how to create a legitimate-looking launcher file, such as a Windows shortcut (.LNK) file, that executes the undetected payload.
Ultimately the latest Windows Defender, with all of its features enabled, was bypassed, resulting in a Covenant C2 HTTP implant callback. Note that, as commenters below point out, automatic sample submission was left enabled during the demo; that setting uploads unknown binaries Defender considers suspicious to Microsoft's cloud, so a payload that is "undetected" today can be signatured shortly after it is tested.
This video provides a step-by-step walkthrough and behind-the-scenes demonstration of payload preparation.
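The .LNK launcher is the piece of the chain a defender can inspect offline, so here is an added example (my code, not code from the video or from the Gemini Security repository) that builds a minimal Shell Link in pure Python with no Windows COM dependency, then parses it back and flags the traits that distinguish a phishing launcher from an ordinary shortcut: a script/LOLBin host as the target, rundll32-style `dll,Entry` or encoded-PowerShell arguments, a minimised window, and an icon borrowed from another program. Layout follows Microsoft's public MS-SHLLINK specification; the parser skips the LinkTargetIDList and LinkInfo that Windows-made shortcuts carry, so it also runs over real attachments. Every path, argument, description and icon location below is a constructed placeholder, not something taken from the video.

```python
"""Build and triage Windows Shell Link (.lnk) launchers (added example).

Not code from the video or the Gemini Security repository. Layout follows the
MS-SHLLINK spec; all paths/arguments below are constructed placeholders.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_IDLIST, HAS_LINKINFO = 0x01, 0x02                             # LinkFlags bits
HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x04, 0x08, 0x10, 0x20, 0x40, 0x80
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),   # StringData order
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))
# Script/LOLBin hosts a lure shortcut points at instead of a document viewer
LAUNCHER_HOSTS = {"rundll32", "regsvr32", "powershell", "pwsh", "cmd", "mshta",
                  "wscript", "cscript", "msiexec", "certutil", "conhost", "forfiles"}
ARG_MARKERS = ("-enc", "-w hidden", "-windowstyle hidden", "-ep bypass", "iex",
               "downloadstring", "http://", "https://", ".dll,")


def _string_data(s: str) -> bytes:
    """One StringData entry: 2-byte character count + UTF-16LE text, no terminator."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path: str, arguments: str = "", name: str = "", working_dir: str = "",
              icon_location: str = "", show_command: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Minimal .lnk: 76-byte header + StringData, no IDList/LinkInfo/ExtraData."""
    values = {"name": name, "relative_path": relative_path, "working_dir": working_dir,
              "arguments": arguments, "icon_location": icon_location}
    flags = IS_UNICODE
    for bit, key in STRING_FIELDS:
        if values[key]:
            flags |= bit
    # HeaderSize, CLSID, LinkFlags, FileAttributes (NORMAL), 3 x FILETIME, FileSize,
    # IconIndex, ShowCommand, HotKey, Reserved1..3 -> exactly 0x4C bytes
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x80,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(_string_data(values[key]) for bit, key in STRING_FIELDS if flags & bit)
    return header + body


def parse_lnk(blob: bytes) -> dict:
    """Return ShowCommand and the StringData fields of any Shell Link blob.
    Skips LinkTargetIDList and LinkInfo when present; ExtraData is ignored."""
    if len(blob) < 0x4C or blob[:4] != b"\x4c\x00\x00\x00" or blob[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, = struct.unpack_from("<I", blob, 20)
    show_command, = struct.unpack_from("<I", blob, 60)
    pos = 0x4C
    if flags & HAS_IDLIST:                       # IDListSize (2 bytes) + IDList
        size, = struct.unpack_from("<H", blob, pos)
        pos += 2 + size
    if flags & HAS_LINKINFO:                     # LinkInfoSize (4 bytes) counts itself
        size, = struct.unpack_from("<I", blob, pos)
        pos += size
    info = {"show_command": show_command}
    for bit, key in STRING_FIELDS:
        if not flags & bit:
            info[key] = ""
            continue
        count, = struct.unpack_from("<H", blob, pos)
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = blob[pos:pos + width * count]
        info[key] = raw.decode("utf-16-le") if width == 2 else raw.decode("cp1252", "replace")
        pos += width * count
    return info


def triage_lnk(blob: bytes) -> tuple:
    """Flag the traits that make a .lnk a payload launcher rather than a shortcut."""
    info = parse_lnk(blob)
    findings = []
    exe = info["relative_path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe.rsplit(".", 1)[0] in LAUNCHER_HOSTS:
        findings.append(f"target is a script/LOLBin host: {exe}")
    args = info["arguments"].lower()
    findings += [f"argument contains {m!r}" for m in ARG_MARKERS if m in args]
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window set to SW_SHOWMINNOACTIVE (runs minimised, no focus)")
    icon = info["icon_location"].lower()
    if icon and not icon.endswith(exe):
        findings.append(f"icon borrowed from another program: {info['icon_location']}")
    return info, findings


if __name__ == "__main__":
    # Constructed lure: shows a PDF-reader icon but loads a DLL through rundll32
    lure = build_lnk(r"..\..\..\Windows\System32\rundll32.exe", r"C:\Users\Public\report.dll,Run",
                     name="Q2 report", icon_location=r"C:\Program Files\Adobe\Acrobat.exe")
    info, findings = triage_lnk(lure)
    print(info["relative_path"], info["arguments"])
    for finding in findings:
        print(" -", finding)
```

Point `triage_lnk` at the bytes of a real attachment (`open(path, "rb").read()`) to get the same report; the relative path and arguments are also what to feed a sandbox or a Sysmon/EDR hunt for `rundll32.exe` spawned from `explorer.exe` with a user-writable DLL path.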
DISCLAIMER:
All content posted on this CZcams channel is SOLELY for educational and awareness purposes. Any actions and/or activities related to the material presented on this CZcams channel are entirely YOUR responsibility.
We DO NOT promote, support or encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse or abuse of the content resulting in criminal charges.
Stay connected:
Twitter: / gemini_security
Udemy: www.udemy.com/user/gemini-88/
Facebook: profile.php?...
Github: github.com/gemini-security
Discord: / discord
Covenant C2 - Setup Installation and Basic Usage:
• Covenant C2 - Setup In...
Previous Covenant C2 Windows Defender Bypass:
• Covenant C2 - Bypass W...
C2 Traffic Redirector with Apache mod_rewrite:
• C2 Redirector - How to...
Gemini Security Github Repository:
github.com/gemini-security
Link to Windows Defender Bypass playlist:
• Windows Malware Payloa...
Link to Covenant C2 tool:
github.com/cobbr/Covenant
Other Misc. References shown in the video:
attack.mitre.org/tactics/TA0001/
github.com/owasp-amass/amass
www.shodan.io/
github.com/projectdiscovery/n...
github.com/s0lst1c3/eaphammer
github.com/kgretzky/evilginx2
bluescreenofjeff.com/2016-06-...
Gemini Security Awesome Hacking T-Shirts - Support the channel:
www.redbubble.com/people/Gemi...
Looking to donate?
BTC: 19HiqQ2Qw83mxK9dcdoWb8VfAcsNgmp52k
Timestamp:
00:00 Initial Access Introduction
04:15 Developing an Undetected Payload
18:31 Payload Delivery Demonstration
Appreciate your hard work in providing invaluable info on cybersecurity, keep going👍👍👍
I'm so thankful to you for these kinds of advanced tuts, please keep up the good work, we need more of this stuff
It's very basic knowledge, but the author is a good teacher
Brooo u are the BEST, that is amazing
thank you so much
Amazing bro :)
Bro, you are repeating the same mistake of having automatic sample submission enabled in Windows Defender; because of it, undetectable payloads become detected
Hello,
Thanks for the suggestions, I will definitely take note of it moving forward.
Cheers
u r awesome
Very interesting and informative! Are there alternative payloads to meterpreter that are harder for windows to detect, even with sample submission? Also, could you make an updated version of this tutorial with obfuscation steps included?
Can you do like a tutorial from start to end explaining everything (Shells, Payloads, C2, Bypass WinDef, Def Evasion) and so on ...
I like your videos, but some past videos about bypassing AV and all were too short. You showed how to do it but I didn't really understand the details behind how the process worked, like the Covenant C2 bypass Defender video. Maybe it's my mistake and I didn't understand it fully, but just pointing it out here, thank you
Thanks bro
"bug in the library, no entry: G22" pls help! When I try to run the DLL on my Windows machine I get that message: bug in the library, no entry: G22
Good job man. I would recommend CRTO from Zero Point Security and Offline Red Team training from Mr Un1k0d3r to learn more about red team and OPSEC.
Bro, can it be done over WAN?? I mean over the network?
Hello,
Yes, definitely. You just need to set up your C2 server on a public-facing, internet-exposed server, such as an AWS EC2 instance.
Otherwise you'll need to configure port forwarding if you're setting it up at home, since you'll likely be behind your router's NAT.
Cheers
Sir please turn off your "Automatic sample submission"
yeah!
Hello,
Thanks for the suggestions, I will definitely take note of it moving forward.
Cheers
@gemini_security and please can you slow the pace of the video a little? I mostly miss the important points, that's it; other than that the videos are completely knowledgeable 😁