Bypassing perimeter security with VHD files

# Create a 5 MiB empty raw image and expose it as a loop device (-P scans for partitions)
sudo dd if=/dev/zero of=/tmp/image.raw bs=1M count=5
sudo losetup -P /dev/loop0 /tmp/image.raw
# Partition and format the loop device with gparted
gparted /dev/loop0
  • Device -> Create Partition Table and use the defaults (msdos)
  • Partition -> New -> create a primary partition and use ntfs as the filesystem
  • Edit -> Apply All Operations
# Mount the new NTFS partition and drop the EICAR test file into it
mkdir /tmp/img
sudo mount /dev/loop0p1 /tmp/img
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > /tmp/img/eicar.com
sudo umount /tmp/img
sudo losetup -d /dev/loop0
# Convert the raw image to a fixed-size VHD (paths match the image created above)
VBoxManage convertfromraw /tmp/image.raw /tmp/image.vhd --format VHD --variant Fixed
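The procedure above produces a fixed VHD, which is nothing more than the raw NTFS sectors followed by a 512-byte footer. A perimeter scanner that decides by file extension, or that never looks inside disk images, therefore never sees the EICAR file. The following added example (not part of the original post; the VHD layout follows Microsoft's published VHD footer format, the gateway policy and the sample image are constructed here) shows a content-based check a mail or web gateway could apply: it recognises a VHD by its footer cookie and checksum regardless of the declared file name, reports the disk type and size, and flags an image whose raw bytes already carry the EICAR signature.

```python
import struct
from typing import Optional

FOOTER_SIZE = 512
VHD_COOKIE = b"conectix"            # footer signature of every VHD variant
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def vhd_checksum(footer: bytes) -> int:
    """Footer checksum per the VHD spec: one's complement of the byte sum of the
    footer with the 4-byte checksum field (offset 64) zeroed."""
    zeroed = footer[:64] + b"\x00\x00\x00\x00" + footer[68:]
    return (~sum(zeroed)) & 0xFFFFFFFF


def build_fixed_vhd(payload: bytes, size: int = 4096) -> bytes:
    """Constructed sample for testing: `payload` placed in a raw data area of `size`
    bytes, followed by a well-formed fixed-disk footer (big-endian fields)."""
    data = payload.ljust(size, b"\x00")
    footer = bytearray(FOOTER_SIZE)
    footer[0:8] = VHD_COOKIE
    struct.pack_into(">I", footer, 8, 2)                    # features: reserved bit always set
    struct.pack_into(">I", footer, 12, 0x00010000)          # file format version 1.0
    struct.pack_into(">Q", footer, 16, 0xFFFFFFFFFFFFFFFF)  # data offset: none for fixed disks
    struct.pack_into(">I", footer, 24, 0)                   # timestamp (seconds since 2000-01-01)
    footer[28:32] = b"vbox"                                 # creator application (arbitrary)
    struct.pack_into(">I", footer, 32, 0x00060000)          # creator version (arbitrary)
    footer[36:40] = b"Wi2k"                                 # creator host OS
    struct.pack_into(">Q", footer, 40, size)                # original size
    struct.pack_into(">Q", footer, 48, size)                # current size
    struct.pack_into(">HBB", footer, 56, 1, 1, 8)           # geometry: cylinders, heads, sectors
    struct.pack_into(">I", footer, 60, 2)                   # disk type 2 = fixed
    footer[68:84] = bytes(range(16))                        # unique id (constructed)
    struct.pack_into(">I", footer, 64, vhd_checksum(bytes(footer)))
    return data + bytes(footer)


def inspect_vhd(blob: bytes) -> Optional[dict]:
    """Return footer metadata if `blob` ends with a VHD footer, else None.
    The decision is made on content, so a renamed attachment is still caught."""
    if len(blob) < FOOTER_SIZE:
        return None
    footer = blob[-FOOTER_SIZE:]
    if footer[:8] != VHD_COOKIE:
        return None
    disk_type = struct.unpack_from(">I", footer, 60)[0]
    current_size = struct.unpack_from(">Q", footer, 48)[0]
    stored_checksum = struct.unpack_from(">I", footer, 64)[0]
    return {
        "disk_type": DISK_TYPES.get(disk_type, "unknown(%d)" % disk_type),
        "current_size": current_size,
        "checksum_ok": stored_checksum == vhd_checksum(footer),
    }


def classify_attachment(name: str, blob: bytes) -> str:
    """Constructed gateway policy: disk images are quarantined whatever their name,
    and an image whose raw sectors carry a known signature is blocked outright."""
    meta = inspect_vhd(blob)
    if meta is None:
        return "pass"
    if EICAR in blob:
        return "block: VHD container carrying EICAR test signature"
    return "quarantine: %s VHD (%d bytes) named %r" % (
        meta["disk_type"], meta["current_size"], name)


if __name__ == "__main__":
    sample = build_fixed_vhd(EICAR)
    print(inspect_vhd(sample))
    print(classify_attachment("invoice.pdf", sample))
```

Scanning raw bytes for a signature works here only because a fixed VHD stores sectors uncompressed and the test file is tiny enough to sit in the MFT record; for real coverage the gateway should mount or parse the image (or simply refuse disk-image attachments) rather than rely on string matching.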
