SANS Institute
InfoSec Reading Room
This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.
Effectiveness of Antivirus in Detecting Metasploit Payloads
Your neighbor stops you at your curb. He knows you're a computer security guru and wants to know
the secret to protecting his computer from hackers. You need to get back to mowing the lawn and
don't really have time to explain log monitoring, patch management, vulnerability assessments,
penetration testing, least required access, the CIA triad, and the finer points of risk management. Besides,
you know you're the only guy on the block with syslog servers, hardware firewalls, IDS and HIPS watchi...
Copyright SANS Institute
Author Retains Full Rights
© SANS Institute 2008,
Author retains full rights.
Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46
Effectiveness of Antivirus in Detecting Metasploit Payloads
Mark Baggett
Effectiveness of Antivirus in Detecting Metasploit Payloads
GCIH Gold Certification
Author: Mark Baggett, mbaggett@morris.com
Adviser: Rick Wanner
Accepted: March 6th 2008
Outline
Introduction
What is Metasploit
Metasploit Tools – MSFPAYLOAD, MSFCLI and MSFENCODE
Using MSFPAYLOAD to Create Executab