04 Jul

SideStep: AV Evasion Tool

SideStep is a nice tool to bypass anti-virus software. The tool generates Metasploit payloads encrypted using the CryptoPP library, and uses several other techniques to evade AV.

SideStep generates Meterpreter shellcode, randomly generates an encryption key, and then encrypts the shellcode using AES-128bit with the random key. All variables and function names are also randomly generated.

In addition, to encrypting the shellcode and assigning random names, it also generates a configurable number of random variables with configurable value lengths. Surprisingly, this can also help evade AV.

To evade AV sandboxes, I implemented a function that checks the current time, and then loops until a configurable number of seconds have passed since the current time. As an added small time function, I have added support for generating 1024 or 2048bit DH parameters. I chose these methods as I’ve read that some AV hook sleep function calls.

SideStep can also be configured to strip debugging and other symbol information from the final executable and then randomly encode the assembly instructions using peCloak.

Source: GitHub
More info: Here..