Bypass Windows Defender with C++ .DLL Payload File - Meterpreter Reverse Shell

Be better than yesterday -

This video shows how several publicly available tools were modified and a template C++ file customised so that it performs shellcode process injection that bypasses Windows Defender, giving a fully functional reverse shell on a victim's Windows machine.

A .DLL payload file was generated by cross-compiling on a Kali machine; it performs shellcode process injection using AES-encrypted shellcode, building on code from a publicly available GitHub repository.

The video provides a step-by-step walkthrough and a practical demonstration of generating a C++ .DLL payload file that obtains a Meterpreter reverse shell on a Windows machine with Windows Defender running.

The video also gives a high-level explanation of why .DLL payload files are useful, and shares an article that discusses a practical use case involving Microsoft Teams, in which .DLL payload files are leveraged for persistence and proxy execution.

DISCLAIMER:
All content posted on this YouTube channel is SOLELY for educational and awareness purposes ONLY. Any actions and/or activities related to the material presented on this YouTube channel are entirely YOUR responsibility.

We DO NOT promote, support or encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse or abuse of the content resulting in criminal charges.

Stay connected:

Github repository reference:

Github repository with the source code used:

Microsoft Teams article reference:

Gemini Security Awesome Hacking T-Shirts - Support the channel:
Comments:

bdboy_: Thanks bro for showcasing TheD1rkMtr's tools, eager to see more, take love <3

nhoxxz: Thank you very much for comparing your knowledge, great brother

nyshone: Do you think XORing each byte with your pre-defined value could also achieve the same result? It would also entirely change the signature of the shellcode.

_marcobaez: It worked perfectly! No detection at all; however, I can't get it to connect back to Kali on port 8443? (Tried different ports too, and tried listening directly in msfconsole, but nothing :/). Any idea?

TamonashGupta: Update on December 2023. Now the DycryptAES function is detected as Meterpreter malware. Yes, you read it right. DycryptAES = METERPRETER according to Windows Defender. The very existence of this function in your code triggers Windows Defender. I tested this by removing all other functions from the DLL code and only keeping this function. Remember that in this code there is no shellcode. But as soon as the DLL is dropped, Defender starts screaming malware!!!

fokyewtoob: Great content brother, thank you for sharing your knowledge with us!

denst: How can I inject our payload (exe file) into an existing process in Windows?

wolfrevokcats: 2:26 Thanks for the awesome video, btw can you share the modified code @ 2:26?

It would be better if your code editor had line numbers, easier to refer to. Thanks

ofekvegas: Please, is there an option for a guide on bypassing antivirus like ESET..?

Henriqueoi: How do I create a payload with the port I want? I want a DLL like that, but without using Meterpreter, but a server of mine to execute shell commands.

overthinker: Why don't you share the last payload you made in your repository, to make it easy for us?

hiddengo: Pentest Active Directory using Sliver C2

mrri: I assume what's next is turning this DLL into an exe? Or embedding it in an exe? Also, would it bypass the SmartScreen filter etc.? Sorry, I'm a noob. Thank you.

ELIAS-ogvf: Bro, I have an exe file. How to extract shellcode from it?