Antivirus Evasion with AES Encryption

S12 - H4CK
4 min read · Dec 26, 2022

Introduction

Welcome to this new article. Today I am going to show you how to evade some antivirus products with an encryption technique: the shellcode is kept encrypted with AES. With this, the static AV can't discover your malicious payload. When you execute the payload it is still detected by the dynamic AV, but I will bypass that in the next articles; in this one I only bypass the static detections.

Basically, what will happen is that the malicious payload is encrypted with AES. The OS sees an encrypted payload, which is logically not readable to it. The problem comes at execution time: the malicious EXE has to decrypt the payload in order to run it, and at that moment the dynamic AV detects your payload. All the static detections on the payload, however, are bypassed this way.

What is AES Encryption?

https://cybernews.com/resources/what-is-aes-encryption/

In short, AES is a symmetric type of encryption, as it uses the same key to both encrypt and decrypt data.

It is built on a substitution-permutation network (SPN), applying multiple rounds to encrypt the data. These encryption rounds are the reason behind the impenetrability of AES, as there are far too many rounds to break through.
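To make the two points above concrete (the same key both encrypts and decrypts, and a static scanner sees only an unreadable blob), here is a small Go program, added as an example and not part of the original article, that AES-encrypts a constructed text sample, shows a naive byte signature matching the plaintext but not the ciphertext, and measures the Shannon entropy jump that entropy-based heuristics use to flag encrypted blobs on disk. The sample bytes, the signature string, and the fixed key and IV are all constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math"
)

// Constructed sample standing in for a payload: plain text, not shellcode.
var samplePayload = bytes.Repeat([]byte("CONSTRUCTED-SAMPLE: low-entropy stand-in for a payload. "), 16)
var signature = []byte("CONSTRUCTED-SAMPLE") // hypothetical signature a static scanner matches in the clear
// Fixed key/IV for determinism only; real use needs a random key and a fresh nonce per message.
var demoKey, demoIV = bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, aes.BlockSize)

// aesCTR applies AES-256-CTR. CTR XORs a keystream, so one call with the same key
// and IV both encrypts and decrypts: the symmetric property the article describes.
func aesCTR(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// shannonEntropy returns bits per byte (0..8): readable text stays well below 8,
// AES output approaches it, and that jump is what entropy heuristics flag on disk.
func shannonEntropy(data []byte) float64 {
	var counts [256]float64
	for _, b := range data {
		counts[b]++
	}
	h, n := 0.0, float64(len(data))
	for _, c := range counts {
		if c > 0 {
			h -= (c / n) * math.Log2(c/n)
		}
	}
	return h
}

// staticScan is the naive on-disk signature match the article says encryption defeats.
func staticScan(data []byte) bool { return bytes.Contains(data, signature) }

func main() {
	ct, _ := aesCTR(demoKey, demoIV, samplePayload)
	pt, _ := aesCTR(demoKey, demoIV, ct) // same key and IV recover the plaintext
	fmt.Printf("signature plain=%v cipher=%v | entropy plain=%.2f cipher=%.2f | roundtrip=%v\n",
		staticScan(samplePayload), staticScan(ct), shannonEntropy(samplePayload), shannonEntropy(ct), bytes.Equal(pt, samplePayload))
}
```

The plaintext entropy sits around 4 to 5 bits per byte while the ciphertext approaches 8, which is why a high-entropy section in an otherwise ordinary executable is itself a common static heuristic even when no signature matches.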
