Posts

Showing posts from January, 2019

Bypassing Antivirus (Cisco AMP for endpoint)

Dear All,

It's been a while since we last updated this forum. Today we will talk about AV bypassing, or checking whether your antivirus really does what it claims. I started testing Cisco AMP for endpoint; it was detecting the netcat file (nc.exe) as a remote monitoring tool and kept deleting it. To bypass the AV, I copied nc.exe to an excluded directory which I already knew. Or, in your case, you have to perform the actions below on a VM or another machine which does not have Cisco AMP installed.

So let's start the bypassing process. We will assume that we copied our nc.exe to the directory below:

    C:\excluded\

1. Open PowerShell (press the Windows+R keys and type powershell).
2. Move to the excluded directory in PowerShell:

    cd C:\excluded\

3. Type the following command in PowerShell. Replace nc.exe with the name of the exe which you do not want to be detected by the antivirus.

    add-content '.\nc.exe' `0

   Remember the `0.
4. Hit Enter.

You are all good. This exec