Evading Antivirus Detection Using Fountain Code-Based Techniques for Executing Shellcodes.

Sensors (Basel)

Department of Computer Science and Information Engineering, Chung Cheng Institute of Technology, National Defense University, Taoyuan 335009, Taiwan.

Published: January 2025

In this study, we propose a method for evading antivirus detection by encoding malicious shellcode with fountain codes. The Meterpreter framework for Microsoft Windows 32-bit and 64-bit architectures was used to produce the shellcode used in this investigation. The experimental results showed that detection rates were substantially decreased: the number of antivirus vendors detecting the 32-bit shellcode dropped from 18 to 3, and for the 64-bit shellcode it dropped from 16 to 1. The method breaks the malicious payload into many packets, each with its own distinct structure, and then encodes them. Because fountain decoding reconstructs the original bytes exactly, this obfuscation preserves the shellcode's integrity and ensures correct code execution. In addition, in the persistence phase of the penetration testing process, this method offers a further means of evading antivirus techniques.
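The split/encode/decode cycle the abstract describes, as an added illustrative example written for this page (it is not the paper's implementation, which is not reproduced here). It uses an LT-style fountain code: the payload is cut into k fixed-size blocks, each packet is the XOR of a seed-selected subset of blocks, and a peeling decoder recovers all k blocks from however many packets it takes. The payload, block size, seeds and the simple degree distribution are all assumptions chosen for the demo; the payload is constructed random bytes, not shellcode.

```python
"""LT-style fountain code round trip over a byte payload (illustrative, not the paper's code)."""
import random

# Constructed stand-in for a shellcode blob: 700 pseudo-random bytes, not real shellcode.
PAYLOAD = bytes(random.Random(7).getrandbits(8) for _ in range(700))
BLOCK_SIZE = 32  # assumed block size for the demo


def split_blocks(payload: bytes, block_size: int) -> list:
    """Zero-pad the payload to a multiple of block_size and cut it into equal blocks."""
    padded = payload + b"\x00" * ((-len(payload)) % block_size)
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def choose_blocks(seed: int, k: int) -> set:
    """Seed-determined subset of block indices combined into one packet.

    Sender and receiver call this with the same seed, so only the seed travels with
    the packet. The degree distribution (mostly 1-3, sometimes 4-10) is a simple
    illustrative choice, not the robust soliton distribution of production LT codes.
    """
    rng = random.Random(seed)
    r = rng.random()
    d = 1 if r < 0.10 else 2 if r < 0.50 else 3 if r < 0.80 else rng.randint(4, 10)
    return set(rng.sample(range(k), min(d, k)))


def encode_packet(blocks: list, seed: int) -> tuple:
    """One fountain packet: (seed, XOR of the blocks selected by that seed)."""
    data = bytes(len(blocks[0]))
    for i in choose_blocks(seed, len(blocks)):
        data = xor_bytes(data, blocks[i])
    return seed, data


class FountainDecoder:
    """Peeling decoder: resolve degree-1 packets, substitute each recovered block
    into every other packet, repeat until all k blocks are known."""

    def __init__(self, k: int):
        self.k = k
        self.blocks = [None] * k
        self.pending = []  # entries: [set_of_unknown_indices, data]

    def add_packet(self, seed: int, data: bytes) -> None:
        idx = choose_blocks(seed, self.k)
        for i in list(idx):  # strip blocks already recovered
            if self.blocks[i] is not None:
                data = xor_bytes(data, self.blocks[i])
                idx.discard(i)
        if idx:
            self.pending.append([idx, data])
            self._peel()

    def _peel(self) -> None:
        while True:
            ready = [p for p in self.pending if len(p[0]) == 1]
            if not ready:
                return
            for idx, data in ready:
                (i,) = idx
                if self.blocks[i] is None:
                    self.blocks[i] = data
            remaining = []
            for idx, data in self.pending:
                for i in list(idx):
                    if self.blocks[i] is not None:
                        data = xor_bytes(data, self.blocks[i])
                        idx.discard(i)
                if idx:
                    remaining.append([idx, data])
            self.pending = remaining

    def complete(self) -> bool:
        return all(b is not None for b in self.blocks)

    def reassemble(self, original_len: int) -> bytes:
        return b"".join(self.blocks)[:original_len]


def round_trip(payload: bytes, block_size: int = BLOCK_SIZE, first_seed: int = 1000) -> tuple:
    """Emit packets until the decoder holds every block; return (recovered, packets).

    Fountain codes are rateless: the sender keeps producing packets and the receiver
    stops as soon as decoding completes, so packets used is k plus some overhead.
    """
    blocks = split_blocks(payload, block_size)
    dec = FountainDecoder(len(blocks))
    packets, seed = [], first_seed
    while not dec.complete():
        pkt = encode_packet(blocks, seed)
        packets.append(pkt)
        dec.add_packet(*pkt)
        seed += 1
    return dec.reassemble(len(payload)), packets


def raw_block_packets(packets: list, blocks: list) -> int:
    """Packets whose data equals an original block verbatim (degree-1 symbols):
    the ones a byte-signature scanner could still match."""
    block_set = set(blocks)
    return sum(1 for _, data in packets if data in block_set)


if __name__ == "__main__":
    recovered, packets = round_trip(PAYLOAD)
    blocks = split_blocks(PAYLOAD, BLOCK_SIZE)
    print("blocks:", len(blocks), "packets:", len(packets),
          "intact:", recovered == PAYLOAD, "raw-block packets:", raw_block_packets(packets, blocks))
```

Two points the round trip makes concrete. First, integrity comes for free: fountain decoding is exact, so the recovered bytes are identical to the input and the payload runs unchanged. Second, the caveat a defender should note: degree-1 packets carry an original block in the clear, so the layout is scrambled but individual blocks can still surface verbatim; whatever stub performs the XOR peeling at runtime is the stable artefact to hunt for.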


Source: http://dx.doi.org/10.3390/s25020460

