Evading Antivirus Detection Using Fountain Code-Based Techniques for Executing Shellcodes
In this study, we propose a method for successfully evading antivirus detection by encoding malicious shellcode with fountain codes. The Meterpreter framework for Microsoft Windows 32-bit and 64-bit architectures was used to produce the shellcode used in this investigation. The experimental results...
Field | Value
---|---
Main Authors: | Gang-Cheng Huang, Ko-Chin Chang, Tai-Hung Lai
Format: | Article
Language: | English
Published: | MDPI AG, 2025-01-01
Series: | Sensors
Subjects: | antivirus evasion; fountain code; Metasploit framework; msfvenom; meterpreter; shellcode
Online Access: | https://www.mdpi.com/1424-8220/25/2/460
Field | Value
---|---
_version_ | 1832587476530626560
author | Gang-Cheng Huang; Ko-Chin Chang; Tai-Hung Lai
author_facet | Gang-Cheng Huang; Ko-Chin Chang; Tai-Hung Lai
author_sort | Gang-Cheng Huang |
collection | DOAJ |
description | In this study, we propose a method for successfully evading antivirus detection by encoding malicious shellcode with fountain codes. The Meterpreter framework for Microsoft Windows 32-bit and 64-bit architectures was used to produce the shellcode used in this investigation. The experimental results proved that detection rates were substantially decreased. Specifically, the number of detected instances using antivirus vendors for 32-bit shellcode decreased from 18 to 3, while for 64-bit shellcode, it decreased from 16 to 1. This method breaks up a malicious payload into many packets, each with their own distinct structure, and then encodes them. This obfuscation approach maintains the shellcode’s integrity, ensuring correct code execution. However, in the persistence phase of the penetration testing process, this method offers an additional means of evading antivirus techniques. |
format | Article |
id | doaj-art-102b35c3e5ee40959f516121f9136387 |
institution | Kabale University |
issn | 1424-8220 |
language | English |
publishDate | 2025-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | Record doaj-art-102b35c3e5ee40959f516121f9136387, indexed 2025-01-24T13:49:00Z. Language: eng. Publisher: MDPI AG. Series: Sensors (ISSN 1424-8220), published 2025-01-01, volume 25, issue 2, article 460, DOI 10.3390/s25020460. Title: Evading Antivirus Detection Using Fountain Code-Based Techniques for Executing Shellcodes. Authors: Gang-Cheng Huang (Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan); Ko-Chin Chang (Department of Electrical and Electronic Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan); Tai-Hung Lai (Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan). URL: https://www.mdpi.com/1424-8220/25/2/460. Keywords: antivirus evasion; fountain code; Metasploit framework; msfvenom; meterpreter; shellcode |
title | Evading Antivirus Detection Using Fountain Code-Based Techniques for Executing Shellcodes |
topic | antivirus evasion; fountain code; Metasploit framework; msfvenom; meterpreter; shellcode |
url | https://www.mdpi.com/1424-8220/25/2/460 |