MUST READ

Critical ASP.NET flaw hits QNAP NetBak PC Agent

 | 

Ransomware payments hit record low: only 23% Pay in Q3 2025

 | 

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

 | 

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

 | 

Crafted URLs can trick OpenAI Atlas into running dangerous commands

 | 

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

 | 

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

 | 

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

 | 

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

 | 

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

 | 

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

 | 

Pwn2Own Day 2: Organizers paid $792K for 56 0-days

 | 

Lazarus targets European defense firms in UAV-themed Operation DreamJob

 | 

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

 | 

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

 | 

Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy

 | 

PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

 | 

Techniques for the manipulation of malicious payloads to improve evasion

Pierluigi Paganini January 24, 2017

Security researchers at the iSwatlab have conducted an analysis of a few methods for the creation of some malicious payloads or shellcodes.

This work compares some infamous methods for the creation of malicious payloads or shellcodes. These payloads must be used to create a remote connection between the victim’s machine and the attacker’s machine that wants to listen and, once a connection is successfully established, obtain sensitive information or make an attack to that user. Their creation was made by using some free tools, running on a Kali Linux machine, that are:

  • Metasploit
  • Veil framework
  • TheFatRat

This comparison is made according to the capability of malicious payloads in bypassing default security systems available on Windows machines and antivirus systems on the market, looking for a way to obtain a payload that manages to be invisible simultaneously to several security systems. Security systems embedded on Windows that have been used and tested for this work are:

  • Windows Defender
  • Windows Firewall
  • Windows SmartScreen

Online scanners have been also used, which perform a check of created files using multiple antivirus engines simultaneously. Scanners then used in this work were:

  • OPSWAT Metadefender
  • Scan4you/Poison Scanner

For each of the used tools, the following table shows the best results obtained by malicious payload creation. Remember that to obtain a good result means being able to bypass Windows security systems (denoted as “Yes” or “No” in the table) and some online scanners (denoted in the table by the number of antivirus solutions which recognize malicious payload on the total number of executed antivirus).

malicious payloads manipulation

(* – Windows SmartScreen can block malicious payload if it is downloaded from the Internet; otherwise, Windows SmartScreen not considers it as malicious)

malicious payloads manipulation

In this report, configured systems for payloads production and testing will be briefly introduced, as well as, to show and to discuss the results from different methodologies trying to create a FUD (fully undetectable) backdoor.

Enjoy the report!

About the Author Prof Corrado Aaron Visaggio

aaron-visaggioCorrado Aaron Visaggio is an assistant professor of Software Security of the MsC in Computer Engineering at the University of Sannio, Italy. He obtained the PhD in computer engineering aWashingsity of Sannio (Italy). His research interests include malware analysis, software security,code assessment, and data privacy. He is the author of more than 70 papers published in international journals, international and national conference proceedings, and books. 
He is responsible of the ISWATLAB a laboratory on Software Security research at the University of Sannio. 
He is member of the CINI CyberSecurity Lab. member of the CINI CyberSecurity Lab. member of the CINI CyberSecurity Lab. 
He is member of the European CyberSecurity Organization at EU.member of the European CyberSecurity Organization at EU.member of the European CyberSecurity Organization at EU.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – malicious payloads, malware)

[adrotate banner=”13″]

cyber security malicious payloads malware Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini October 28, 2025
Critical ASP.NET flaw hits QNAP NetBak PC Agent
Read more
Pierluigi Paganini October 28, 2025
Ransomware payments hit record low: only 23% Pay in Q3 2025
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical ASP.NET flaw hits QNAP NetBak PC Agent

Security / October 28, 2025

Ransomware payments hit record low: only 23% Pay in Q3 2025

Cyber Crime / October 28, 2025

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

Security / October 28, 2025

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

APT / October 27, 2025

Crafted URLs can trick OpenAI Atlas into running dangerous commands

Hacking / October 27, 2025