Wow, you've had success with PEScrambler and Core's agent? I've tried PEScramber several times and it creates a new executable, but it doesn't work. I am not familiar with UPX or the ability to use Metasploit's msfpayload with Core's agent. Have you done this before? Any tips or tricks that you could share? I guess I will try PEScramber again also.
Brian Judd ------------------------------ Message: 8 Date: Thu, 18 Mar 2010 13:02:54 -0400 From: Paul Asadoorian <[email protected]> Subject: Re: [Pauldotcom] Package/Scramble Core Impact Agents To: PaulDotCom Security Weekly Mailing List <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 Ah yes, pe-scrambler works really well too, I've used it with great success. If all else fails, a VBscript payload in a Word doc is effective. Cheers, Paul On 3/18/10 12:07 PM, Daniel Holiday wrote: > Would pescrambler work for this? > > http://www.rnicrosoft.net/ > > > > On Thu, Mar 18, 2010 at 9:05 AM, Brian Judd <[email protected] > <mailto:[email protected]>> wrote: > > Does anyone know of a good packager/installer that can get a Core > Impact agent past AV detection? I used NSIS in the past, but it > seems to be getting caught now. Thanks! > > > > Brian Judd > > This message (including any attachments) may contain confidential > information and is intended only for the individual to which it is > addressed. If you are not the intended recipient, please delete this > message and contact the sender. You are also hereby notified that > any review, disclosure, copying, or distribution of this message, or > the taking of any action based on it, is prohibited. > _______________________________________________ > Pauldotcom mailing list > [email protected] <mailto:[email protected]> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com -- Paul Asadoorian PaulDotCom Enterprises Web: http://pauldotcom.com Phone: 401.829.9552 _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
