nerdexam
EC-Council

312-50V11 · Question #218

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

The correct answer is A. msfencode. msfencode is the legacy Metasploit tool that encodes payloads using schemes like shikata_ga_nai to alter byte signatures and evade antivirus detection.

Evading IDS, Firewalls, and Honeypots

Question

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Options

  • Amsfencode
  • Bmsfpayload
  • Cmsfcli
  • Dmsfd

How the community answered

(15 responses)
  • A
    93% (14)
  • C
    7% (1)

Why each option

msfencode is the legacy Metasploit tool that encodes payloads using schemes like shikata_ga_nai to alter byte signatures and evade antivirus detection.

AmsfencodeCorrect

msfencode transforms raw shellcode by applying encoding algorithms that change the binary signature of the payload, preventing static signature-based antivirus engines from recognizing it as malicious. It supports multiple encoders and can apply them iteratively to further obfuscate the payload.

Bmsfpayload

msfpayload generates raw shellcode and payloads but performs no encoding or obfuscation, so it does not on its own help evade antivirus signature detection.

Cmsfcli

msfcli is a command-line interface for executing Metasploit modules and has no encoding or AV evasion functionality of its own.

Dmsfd

msfd is the Metasploit daemon that accepts remote connections to a running Framework instance and provides no payload encoding or AV evasion capability.

Concept tested: Metasploit payload encoding for antivirus evasion

Source: https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html

Topics

#msfencode#AV evasion#payload encoding#Metasploit

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice