ProDefense / Avocado

Avocado is a powerful C2 framework written in Python with stageless implants in Rust. Avocado's implant runs seamlessly on both Linux and Windows, securely communicating with the server via mutual TLS.
MIT License

Implant AV and EDR evasion #7

Closed sadeli413 closed 1 year ago

sadeli413 commented 2 years ago

Make the implant sneaky :avocado:

sadeli413 commented 2 years ago

TODO: Add a random padding to each message, to make sure each message is a different size.
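The padding TODO above exists because a fixed-interval implant that sends identically sized messages is easy to spot in connection logs. The following is an added detection-side example, not part of Avocado or this issue: it groups connections by destination and flags destinations whose payload sizes and inter-connection intervals both have near-zero spread. The flow records, destination addresses and thresholds are constructed for illustration.

```python
"""Beacon detector over constructed connection logs (added example, not Avocado code).

Flags destinations that receive many connections at a near-constant interval
with near-constant payload sizes, which is the fingerprint an unpadded,
fixed-interval implant leaves. The second constructed host below keeps the
fixed cadence but randomises sizes, so it is not flagged on size alone.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (timestamp in seconds, destination, bytes sent).
# These are made-up values, not captured traffic.
CONSTRUCTED_FLOWS = (
    # host A: every 60 s, always 512 bytes
    [(60 * i, "203.0.113.10:443", 512) for i in range(10)]
    # host B: same 60 s cadence, but message sizes are randomly padded
    + [
        (60 * i + 0.5, "203.0.113.20:443", size)
        for i, size in enumerate([512, 731, 604, 988, 547, 812, 699, 1020, 575, 860])
    ]
    # host C: ordinary browsing, irregular timing and sizes, too few connections
    + [
        (3, "198.51.100.5:443", 1400),
        (7, "198.51.100.5:443", 230),
        (90, "198.51.100.5:443", 5100),
        (91, "198.51.100.5:443", 77),
    ]
)


def coefficient_of_variation(values):
    """Population std dev divided by mean; 0.0 means every value is identical."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def find_beacons(flows, min_count=8, max_size_cv=0.05, max_interval_cv=0.10):
    """Return {destination: (size_cv, interval_cv)} for destinations that look like beacons.

    Thresholds are constructed defaults: a destination is reported only when it
    has at least min_count connections and BOTH size and interval spread are small.
    """
    by_dst = defaultdict(list)
    for ts, dst, size in flows:
        by_dst[dst].append((ts, size))

    hits = {}
    for dst, recs in by_dst.items():
        if len(recs) < min_count:
            continue
        recs.sort()
        sizes = [size for _, size in recs]
        intervals = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        size_cv = coefficient_of_variation(sizes)
        interval_cv = coefficient_of_variation(intervals)
        if size_cv <= max_size_cv and interval_cv <= max_interval_cv:
            hits[dst] = (round(size_cv, 3), round(interval_cv, 3))
    return hits


if __name__ == "__main__":
    for dst, (size_cv, interval_cv) in find_beacons(CONSTRUCTED_FLOWS).items():
        print(f"beacon-like: {dst} size_cv={size_cv} interval_cv={interval_cv}")
```

Running it reports only host A. Host B defeats the size test, which is exactly what the padding TODO aims for, but its interval spread is still zero; a detector that weighs timing regularity and size regularity separately, or uses the interval test alone with a higher connection count, would still surface it. That is the caveat for both sides: padding sizes and jittering intervals are independent signals, and a rule that requires both to be uniform is the weakest form of this check.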

MattKeeley commented 1 year ago

One suggestion would be doing process injection. Currently you are dropping a binary onto the Windows machine and you can see the implant.exe process running in Task Explorer. Spawning the process under a different task to cover tracks would be a good AV option.