Geek Culture
Published in

Geek Culture

The Hacker’s Cat-and-mouse cycle

photograph by Hardik Pandey on pixahive

So recently I’ve taken this hacking course and as I was going through the QnA there were thousands of Questions saying that “Attack is being detected by Windows defender”, “You need to update the course, the attacks are not working”, “Attack not bypassing antivirus” and etc. At first, I felt frustrated too, because I had purchased this course to learn how to hack without antiviruses detecting my attacks, but each and every time it would detect it.

Thats when I learn about the Hackers Cat-and-mouse cycle, and I want to clear up what it is, how it is related to those questions, and what is the solution to it.

To understand what it is, firstly we have to see how antiviruses work.

How antiviruses work?

Antiviruses don’t use any sort of machine learning or artificial intelligence or any sort of complex code. To put it simply, they have a database, a massive database, that has all the different malware files that have existed over the years. Once any file is downloaded it will first compare the files code to the malware file database, and if it finds a match then it means that the file is a malware, and it will block the file from either running or downloading.

How is this antivirus database made?

Obviously, not every hacker/cybersecurity expert has the same mind, and each person can make a different code for hacking. To gain as much as hacking scripts as possible, antivirus companies get data from different websites such as virustotal. Virustotal is a website where you can check whether your malware file bypasses antiviruses or not. This websites also send the malware files that we give it to check, to the different antivirus companies associated with. The database is updated by adding these files.

And that is why premade hacking scripts, such as those from Veil are most of the time detected. Its just because it is already stored in the database.

How do you bypass this

One solution to this problem, is to either modify or make new hacking scripts. If the script is new, then the file will not be present in the Antivirus database and hence it won’t be detected. If a premade virus file is changed, then again the code match won’t be found.

Hence the green bracketed case is True and so the file is allowed to run and download.

Another solution would be to check for updates in the software you use to get your premade hacking scripts. That way, the files won’t be present in the antivirus database, and therefore again the green bracketed case would be true.

And that’s it. If your attacks don’t work if you are using a premade hacking script and it isn’t working, remember the cat-and-mouse cycle.

I hope you enjoyed! Thank you for reading!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store