How to bypass Windows Defender with Embedded Resources (.rsrc)

Be better than yesterday –

In this video, we explore the popular cross-compilation tool MinGW, using it to compile and produce a Windows EXE binary on a Linux machine (Kali) with custom resources, such as assembly information and icon images. This is particularly useful if you want to stay in a Linux environment for payload development.

As a bonus, the video also shows how Windows Defender can be bypassed by embedding an AES-encrypted, MSFVenom-generated reverse shell payload into the resource section (.rsrc) of the .EXE binary.

FREE Introductory to Phishing course on Udemy:
https://www.udemy.com/course/intro-to-phishing/

Stay connected:
Twitter: https://twitter.com/gemini_security
Udemy: https://www.udemy.com/user/gemini-88/
Github: https://github.com/gemini-security
Discord: https://discord.gg/u9Qxxbamke

Template/Source files used in the video posted on Github:
https://github.com/gemini-security/How-to-bypass-Windows-Defender-with-Embedded-Resources-.rsrc-

Gemini Security Awesome Hacking T-Shirts – Support the channel:
https://www.redbubble.com/people/GeminiSecurity/shop?asc=u

References used:
https://docs.openeuler.org/en/docs/20.09/docs/ApplicationDev/using-gcc-for-compilation.html
https://blog.didierstevens.com/2018/09/17/quickpost-compiling-exes-and-resources-with-mingw-on-kali/
https://www.ired.team/offensive-security/code-injection-process-injection/loading-and-executing-shellcode-from-portable-executable-resources
https://github.com/TheD1rkMtr/FilelessPELoader/tree/main

Looking to donate?
BTC: 19HiqQ2Qw83mxK9dcdoWb8VfAcsNgmp52k