Bypassing Windows Defender & AVs with an LNK Exploit to Gain a Reverse Shell
Summary
A cyber security researcher has demonstrated how to sidestep Windows Defender and anti-virus software to establish a reverse shell.
This is achieved by first generating a reverse shell, usually with a program such as Villain, and encoding it in a form that antivirus software will not identify.
The encoded script is then saved as a .ps1 file and launched via an LNK shortcut that invokes PowerShell, which runs the script and grants the attacker access.
This combination of an encoded malicious script and an LNK shortcut is a common method used by attackers, who typically rely on social engineering to persuade the victim to click the shortcut.
Once the victim opens the shortcut, whether prompted by a keypress or through social engineering, the attacker can remotely connect to the compromised system.
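The chain summarized above leaves a distinctive trace on the endpoint: explorer.exe (the shell that handles a double-clicked LNK) spawning powershell.exe with an encoded command or a .ps1 file, often alongside execution-policy and hidden-window switches. The following triage script is an added example written for this page, not code from the researcher or from Villain; it scores constructed process-creation events against that pattern and decodes any -EncodedCommand payload (base64 of UTF-16LE text) so an analyst can read what was about to run. The sample events, paths and the Write-Host payload are constructed placeholders.

```python
"""Triage process-creation events for the LNK -> PowerShell launch pattern.
All sample events below are constructed, not real telemetry."""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A double-clicked LNK is launched by the Windows shell, so the parent of
# interest is explorer.exe.
SHELL_PARENTS = {"explorer.exe"}

# Spellings of -EncodedCommand that powershell.exe accepts, followed by base64.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{8,})")
BYPASS_RE = re.compile(r"(?i)-(?:ep|executionpolicy)\s+(?:bypass|unrestricted)")
HIDDEN_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
PS1_FILE_RE = re.compile(r"(?i)-f(?:ile)?\s+\"?([^\s\"]+\.ps1)")


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Verdict:
    score: int = 0
    reasons: List[str] = field(default_factory=list)
    decoded: Optional[str] = None


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand carries base64 of the UTF-16LE script text; None if malformed."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(ev: ProcessEvent) -> Verdict:
    """Score one event; higher means closer to the LNK -> encoded PowerShell chain."""
    v = Verdict()
    if _basename(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return v
    parent = _basename(ev.parent_image)
    if parent in SHELL_PARENTS:
        v.score += 2
        v.reasons.append(f"launched by {parent} (shortcut/double-click path)")
    m = ENCODED_RE.search(ev.command_line)
    if m:
        v.score += 3
        v.reasons.append("encoded command")
        v.decoded = decode_encoded_command(m.group(1))
    if BYPASS_RE.search(ev.command_line):
        v.score += 2
        v.reasons.append("execution policy bypass")
    if HIDDEN_RE.search(ev.command_line):
        v.score += 1
        v.reasons.append("hidden window")
    m = PS1_FILE_RE.search(ev.command_line)
    if m:
        v.score += 1
        v.reasons.append(f"runs script file {m.group(1)}")
    return v


def flagged(events: List[ProcessEvent], threshold: int = 4) -> List[ProcessEvent]:
    """Return the events whose score meets the alert threshold."""
    return [ev for ev in events if triage(ev).score >= threshold]


# Constructed sample: a harmless Write-Host encoded the way -EncodedCommand expects.
ENCODED_SAMPLE = base64.b64encode("Write-Host hi".encode("utf-16-le")).decode()
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", PS_PATH,
                 f"powershell.exe -NoProfile -w hidden -enc {ENCODED_SAMPLE}"),
    ProcessEvent(r"C:\Windows\explorer.exe", PS_PATH,
                 r'powershell.exe -ep bypass -File "C:\Users\Public\update.ps1"'),  # placeholder path
    ProcessEvent(r"C:\Windows\System32\cmd.exe", PS_PATH,
                 "powershell.exe -Command Get-Date"),  # benign admin usage
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        v = triage(ev)
        print(f"score={v.score} reasons={v.reasons} decoded={v.decoded!r}")
```

Feed real Sysmon Event ID 1 or EDR process-creation records into `ProcessEvent` and tune the threshold to local noise; the decoded text is what to inspect first, since it is the script the shortcut would have executed.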
The researcher stressed this was purely an educational experiment to better understand the types of methods used by malicious actors.