05-31-2023, 07:31 PM
I've been working on an RDP backdoor that works -- it adds new firewall rules, creates a new RDP user, downloads VPN software and connects through cmd.exe, then establishes persistence by adding a program (located at HKCU:\Software\Microsoft\Windows\CurrentVersion\Run) that uses cmd to reconnect to the VPN using PS1. The only problem is that it is flagged by Windows Defender as a backdoor. I tried AMSITrigger, and it came back as clean.
Some questions:
How can I find out which lines are problematic?
Does there exist a virus scanner that doesn't send samples to the glowies?
Does anyone have any experience with deploying malware to the masses? I was looking at malvertising, but I assume it'll be a bitch to put together a website and get people to download + click an unsigned .exe.
Thanks