
Ways of lowering entropy on malware

Hi friend! Glad to see people looking into topics like this more. To reduce the entropy in your malware, there are a few general best practices:

1. Limit the use of AES - Tbh, you can get payload encryption done pretty handily using XOR to decrypt (make sure to fetch from a remote source).

2. Increase what you can control, aka known data - You can lower the overall entropy of your binary by "packing" it with all sorts of things that are a const variable. Some like to use words from the dictionary, song lyrics, or some other thing!

3. Embed legit data in .rsrc - Use resource hacker and add some good data from a viable binary! This can help in more than just entropy.

Hope this helps you get started :)
 
Thanks bro, it sure helps! I'll start looking into the things you mentioned!! Ty again
 
You can use XOR and it's going to drop entropy detection. Keep in mind that if you use any kind of encryption, you can expect entropy detection on your file.
I'm using XOR already; the minimum entropy I could reach was 4 or 5. Any ideas for bypassing AV/EDR without encrypting the shit out of everything?
Crowdstrike Falcon always get me :(

Anyone worked with Carbon Black before? I could use some tips on this topic too hehe
 
Falcon hates injection ;)
 
Learn what entropy is.
Use base64 or BinToHex after any encryption.
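The advice in this thread (XOR instead of AES, padding the binary with "known data", re-encoding as base64 or hex) is really about how Shannon entropy is measured, so here is a small added example, written for this editorial pass and not posted by anyone in the thread, that measures the effect of each transform. The payload is a constructed pseudo-random byte string standing in for an encrypted blob, the filler text is made up, and the function names are my own. It shows three things a practitioner would want to verify rather than take on faith: a single-byte XOR does not change the entropy at all (it only permutes the byte histogram), base64 and hex lower the measured bits-per-byte only because they shrink the alphabet (ceilings of 6 and 4 bits), and padding lowers the whole-file average while a sliding-window measurement, which is how per-section entropy scanners behave, still finds the high-entropy block.

```python
import base64
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    # Summing over sorted counts makes the floating-point result independent
    # of symbol order, so a permuted histogram (single-byte XOR) gives a
    # bit-identical value rather than one that differs in the last digit.
    return -sum((c / n) * math.log2(c / n) for c in sorted(counts.values()))


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte: a bijection on byte values."""
    return bytes(b ^ key for b in data)


def max_window_entropy(data: bytes, window: int = 1024) -> float:
    """Highest entropy seen in any fixed-size window, the way a per-section
    or chunked scanner would look at a file instead of the whole-file average."""
    return max(
        shannon_entropy(data[i:i + window])
        for i in range(0, max(1, len(data) - window + 1), window)
    )


# Constructed stand-in for an encrypted payload: 3072 seeded pseudo-random
# bytes (3072 is a multiple of 3, so base64 adds no '=' padding characters).
PAYLOAD = random.Random(1337).randbytes(3072)

# Constructed low-entropy filler, the "known data" the thread talks about.
FILLER = b"the quick brown fox jumps over the lazy dog " * 512


def entropy_report(payload: bytes = PAYLOAD, filler: bytes = FILLER) -> dict:
    """Entropy of the payload under each transform discussed in the thread."""
    padded = filler + payload
    return {
        "raw": shannon_entropy(payload),
        "xor": shannon_entropy(xor_single_byte(payload, 0x5A)),
        "base64": shannon_entropy(base64.b64encode(payload)),
        "hex": shannon_entropy(payload.hex().encode("ascii")),
        "filler": shannon_entropy(filler),
        "padded_whole_file": shannon_entropy(padded),
        "padded_max_window": max_window_entropy(padded, 1024),
    }


if __name__ == "__main__":
    for name, value in entropy_report().items():
        print(f"{name:>18}: {value:.3f} bits/byte")
```

Reading the numbers: raw and xor are identical, base64 sits just under 6.0 and hex just under 4.0 regardless of how random the input is, and padding drags the whole-file figure down while the 1024-byte window over the payload stays near 8. A key longer than one byte would change the histogram and so the figure, but only because it spreads the same information over more symbols; the underlying data is no less random.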
 

