I have been working with the Veil framework to test an internal IDS system I have in place. I have used a public malware sample which produces an 8/53 hit score on VirusTotal and run it through the Hyperion and PEScrambler Veil payloads. However, the output samples either retain the initial hit score or increase it (in the case of Hyperion). Is this expected behavior from the Veil framework? Is this due to the presence of dynamic analysis?
Are there any suggestions for generating packed and obfuscated executables with a higher degree of bypass efficacy for internal security testing?