Introducing Black Veil: An Easy-Evasion Script

Nov 12, 2022

One of the biggest problems faced by pentesters and red teams is evading antivirus solutions. Writing code that doesn't trigger alerts is relatively simple, but repeating the process over and over gets tiring. That is why solutions such as the Veil Framework have emerged. Veil is a complete evasion framework with several parameters for fine control over the final result. It was my main reference in creating Black Veil.

Being quite curious, I like to create my own versions of things I like. Black Veil is not an upgrade to Veil; it's just something else. You can think of it as a simpler alternative that is just as functional. Let's see how it works.

Black Veil

Black Veil can be applied to any Python code. From small reverse shells to complete frameworks, exploits and malware, any program written in Python 3 can be used. Black Veil applies a simple XOR to the entire script, automatically generating a key that can range from 2048 to 4096 bits. I know, XOR is extremely insecure as a cipher. Keep in mind that the purpose of Black Veil is not code obfuscation; for that you can use PyArmor or alternatives. Black Veil aims solely and exclusively at detection evasion, and on that point, I must say, it has been successful.

This is a screenshot of a recent analysis. The payload was a custom ransomware (article on it soon), and note that only TrendMicro's solution was able to detect the threat. It is worth noting that the first time I performed this analysis, three months ago, only Cyren's MDE detected the sample. Retesting with a new signature (generated by Black Veil), the result was different. Anyway, I prefer that you, the reader, test the code with your preferred payload and see the results for yourself.

Currently, I continue to update and support Black Veil for Linux only. The reason is that I don't have a machine capable of supporting Windows nor access to a cloud environment to do my tests with the system. Black Veil is free and for any questions, just open an issue in the repository.

Thank you. :)
