Wednesday, 16 December 2015

redpill Hacker 4 and Anti-Virus

redpill routinely test redpill Hacker against Anti-Virus detection and improve its Anti-Virus Counter Detection techniques and measures.

Tests done on 2015/12/16 had the following results:

The heavyweight payloads had a detection rate of 9 out of 43 (Only 9 of the top 43 Anti-Virus packages could detect redpill Hacker payloads).

The lightweight payloads had a detection rate of 1 out of 43 (Only 1 of the top 43 Anti-Virus packages could detect a lightweight payload).

For more information about lightweight payloads see: Document Grabber

Why is the detection rate not zero? See Spy Programs vs Anti-Virus

Things to remember to keep your redpill Hacker detection rate down:

Each customer gets a unique build of redpill Hacker to reduce the risk of detection. Each payload you create is different, but the more times your payloads are scanned, the greater the risk becomes that Anti-Virus companies can find a unique 'fingerprint' within all your payloads.

If that happens, your success rate will start to drop as more and more Anti-Virus packages start to detect and remove your installations. The only way to fix this would be to get a rebuild from redpill. redpill charges a fee for the rebuild.

To reduce your exposure to Anti-Virus scans, do the following:
  • When doing a large scale attack, use a multi-phase attack, link or payload website. If you use your payload as attachment, the payload will be scanned each time the email is delivered even if it is not opened.
  • Add the folder you use to store your payloads to your list of folders that should be excluded from scans. By default it is Documents > redpill Hacker. 
  • Include your redpill Hacker program folder also to your list of folders that should be excluded from scans
  • Never test your payloads virus detection rate with multiple virus scan websites like megascan. Your payload will be scanned against all anti-virus packages..

For more information about redpill Hacker see: