1
00:00:00,330 --> 00:00:01,440
Instructor: Welcome back.

2
00:00:01,440 --> 00:00:03,719
And right now we are going to check

3
00:00:03,719 --> 00:00:07,290
out another tool that is used for generating payloads.

4
00:00:07,290 --> 00:00:10,650
And that tool is called Veil.

5
00:00:10,650 --> 00:00:13,800
Since it is not installed in Kali Linux by default,

6
00:00:13,800 --> 00:00:16,230
we must install it first.

7
00:00:16,230 --> 00:00:19,020
To do that, you can open up your terminal,

8
00:00:19,020 --> 00:00:21,720
enter the root account by typing

9
00:00:21,720 --> 00:00:24,840
in your password after the sudo su, and then

10
00:00:24,840 --> 00:00:28,803
after it you want to type the command apt get install.

11
00:00:31,119 --> 00:00:33,570
Well now since I already have veil installed,

12
00:00:33,570 --> 00:00:35,610
this will not do anything for me.

13
00:00:35,610 --> 00:00:37,590
But for you, it should start the process

14
00:00:37,590 --> 00:00:42,060
of installing Veil and that process might take some time.

15
00:00:42,060 --> 00:00:45,360
However, running this command is only the first part.

16
00:00:45,360 --> 00:00:48,570
After this installation finishes, you can clear the screen

17
00:00:48,570 --> 00:00:52,470
and type veil inside of your route terminal.

18
00:00:52,470 --> 00:00:55,410
This will for me, open up the Veil program,

19
00:00:55,410 --> 00:00:58,770
but for you it'll continue the process of installation.

20
00:00:58,770 --> 00:01:01,470
So Veil has a bunch of dependencies,

21
00:01:01,470 --> 00:01:04,349
and once you run the apt get installed veil,

22
00:01:04,349 --> 00:01:07,440
and after it you run the Veil program for the first time,

23
00:01:07,440 --> 00:01:10,470
it will ask you to install those dependencies.

24
00:01:10,470 --> 00:01:12,060
You want to click there, Yes?

25
00:01:12,060 --> 00:01:14,490
And that process will also take some time.

26
00:01:14,490 --> 00:01:17,760
It'll also have a bunch of popup windows right here

27
00:01:17,760 --> 00:01:19,920
where you want to click on next, next, next, next.

28
00:01:19,920 --> 00:01:23,190
0n each one. You don't want to change any of those settings.

29
00:01:23,190 --> 00:01:25,890
And after all the installation has finished,

30
00:01:25,890 --> 00:01:29,010
you should have Veil up and running.

31
00:01:29,010 --> 00:01:30,240
Okay, great.

32
00:01:30,240 --> 00:01:32,130
After you get Veil up and running,

33
00:01:32,130 --> 00:01:35,430
we can see right here that we get to available tools.

34
00:01:35,430 --> 00:01:39,360
The first one is Evasion and the second one is Ordinance.

35
00:01:39,360 --> 00:01:42,240
And what Veil is, there simply a program that will

36
00:01:42,240 --> 00:01:46,470
allow us to generate payloads similarly to the MSF one on.

37
00:01:46,470 --> 00:01:47,640
So let's give it a try.

38
00:01:47,640 --> 00:01:50,580
If I type use 1 and you will notice

39
00:01:50,580 --> 00:01:53,130
that the commands are similar to the MSF console.

40
00:01:53,130 --> 00:01:55,020
So to use one of these options,

41
00:01:55,020 --> 00:01:58,080
you can simply just type use 1 or use 2.

42
00:01:58,080 --> 00:02:01,320
And since I selected use evasion, as we can see.

43
00:02:01,320 --> 00:02:02,790
number 1 is a Evasion.

44
00:02:02,790 --> 00:02:05,910
It'll tell me 41 payloads loaded.

45
00:02:05,910 --> 00:02:07,950
And these are our available commands.

46
00:02:07,950 --> 00:02:10,680
So we can read information, we can list the payloads,

47
00:02:10,680 --> 00:02:12,510
we can use some payload.

48
00:02:12,510 --> 00:02:15,153
So let us list our payloads. First.

49
00:02:16,230 --> 00:02:19,560
And here we can see those 41 payloads.

50
00:02:19,560 --> 00:02:21,120
Some of them are coded in Ruby,

51
00:02:21,120 --> 00:02:22,920
some of them are coded in Python.

52
00:02:22,920 --> 00:02:25,950
We have PowerShell payloads, Pearl, Go,

53
00:02:25,950 --> 00:02:27,990
CS, C#,

54
00:02:27,990 --> 00:02:29,370
C payloads,

55
00:02:29,370 --> 00:02:32,790
and we get some auxiliary modules as well.

56
00:02:32,790 --> 00:02:36,480
Now the regular payload that we used in the MSF One,

57
00:02:36,480 --> 00:02:39,903
would most likely be this C meterpreter rev tcp pt.

58
00:02:40,890 --> 00:02:43,230
It is pretty much the same thing.

59
00:02:43,230 --> 00:02:45,000
But since we already covered something similar

60
00:02:45,000 --> 00:02:47,280
to this inside of the NSF OneOme,

61
00:02:47,280 --> 00:02:49,830
let us go with a different payload this time.

62
00:02:49,830 --> 00:02:52,920
So let's go with the PowerShell payload.

63
00:02:52,920 --> 00:02:55,020
Let's select payload number 22,

64
00:02:55,020 --> 00:02:57,540
which is PowerShell meterpreter rev tcp py.

65
00:02:57,540 --> 00:02:59,823
So we can just type use 22.

66
00:03:00,810 --> 00:03:02,580
And after you select the payload,

67
00:03:02,580 --> 00:03:05,348
it'll give you all of the available options that you can set

68
00:03:05,348 --> 00:03:08,823
for that payload before you generate it and create it.

69
00:03:09,870 --> 00:03:12,930
Here we can see domain, hostname, Lhost,

70
00:03:12,930 --> 00:03:17,070
local port, minbrowsers, minprocesses, minRAM,

71
00:03:17,070 --> 00:03:18,960
processors, sleep time,

72
00:03:18,960 --> 00:03:22,530
and these options you can use and change as you like.

73
00:03:22,530 --> 00:03:24,630
Some of them might actually help you bypass

74
00:03:24,630 --> 00:03:26,730
some of the antiviruses such as, for example,

75
00:03:26,730 --> 00:03:31,080
this sleep option right here, sleep this amount of seconds.

76
00:03:31,080 --> 00:03:34,170
So whatever we set right here, that amount of seconds

77
00:03:34,170 --> 00:03:36,390
our payload will sleep after execution

78
00:03:36,390 --> 00:03:40,440
before establishing the connection with our listen.

79
00:03:40,440 --> 00:03:42,270
So, let's set that right way.

80
00:03:42,270 --> 00:03:45,630
Let's set sleep to be 20 seconds.

81
00:03:45,630 --> 00:03:47,010
What does this mean once again?

82
00:03:47,010 --> 00:03:49,650
Well, once the target executes our program,

83
00:03:49,650 --> 00:03:51,660
the program will sleep for 20 seconds,

84
00:03:51,660 --> 00:03:53,040
it will not do anything,

85
00:03:53,040 --> 00:03:54,510
and then after 20 seconds,

86
00:03:54,510 --> 00:03:58,380
it'll establish the connection with our listener.

87
00:03:58,380 --> 00:04:00,750
Another thing that we must set is the local host.

88
00:04:00,750 --> 00:04:03,400
And for that we must know our IP address

89
00:04:05,760 --> 00:04:07,350
and it is dot 1 dot 12.

90
00:04:07,350 --> 00:04:08,310
So I'll go right here.

91
00:04:08,310 --> 00:04:12,543
Type set Lhost 192 dot 168, dot 1 dot 12.

92
00:04:13,650 --> 00:04:16,110
And if I type generate, as we can see

93
00:04:16,110 --> 00:04:19,050
by the available commands rate here to generate the payload,

94
00:04:19,050 --> 00:04:21,572
we simply type generate press enter.

95
00:04:22,530 --> 00:04:23,640
Please enter the base name

96
00:04:23,640 --> 00:04:27,723
for the output files and let's call it power payload.

97
00:04:29,010 --> 00:04:30,900
Meaning a PowerShell payload.

98
00:04:30,900 --> 00:04:34,830
I will click here, enter and the payload has been created.

99
00:04:34,830 --> 00:04:37,260
We can see right here, language PowerShell,

100
00:04:37,260 --> 00:04:39,750
payload module is the one that we selected.

101
00:04:39,750 --> 00:04:42,750
Source code is written to this path right here

102
00:04:42,750 --> 00:04:45,090
and we will notice that it is written inside

103
00:04:45,090 --> 00:04:47,430
of the dot bat file.

104
00:04:47,430 --> 00:04:49,740
And Metasploit resource file written

105
00:04:49,740 --> 00:04:51,810
to this location right here.

106
00:04:51,810 --> 00:04:54,720
And the two things that we're interested in are

107
00:04:54,720 --> 00:04:58,170
these two things, the Metasploit Resource file

108
00:04:58,170 --> 00:04:59,343
and this source code.

109
00:05:00,180 --> 00:05:03,570
Now this source code, which is dot bat,

110
00:05:03,570 --> 00:05:06,360
is something that we want to convert to EXE.

111
00:05:06,360 --> 00:05:10,260
Now even though on window systems dot bat file is runable,

112
00:05:10,260 --> 00:05:12,060
but this will get triggered by

113
00:05:12,060 --> 00:05:15,210
any antivirus program out there

114
00:05:15,210 --> 00:05:18,780
Since it is just a basic code that executes commands,

115
00:05:18,780 --> 00:05:21,690
it will get triggered by any antivirus.

116
00:05:21,690 --> 00:05:23,340
We want to convert it to EXE,

117
00:05:23,340 --> 00:05:24,840
and how are we going to do that?

118
00:05:24,840 --> 00:05:27,100
Well, we can go to Firefox

119
00:05:28,890 --> 00:05:30,900
and there is a really good tool that is used

120
00:05:30,900 --> 00:05:33,990
to convert bat programs to EXE files,

121
00:05:33,990 --> 00:05:36,633
and we're going to download it from GitHub.

122
00:05:37,710 --> 00:05:40,380
So if I type right here,

123
00:05:40,380 --> 00:05:44,207
bat 2 EXE, or b2e GitHub,

124
00:05:45,360 --> 00:05:47,853
and I navigate right here to the first link,

125
00:05:49,110 --> 00:05:50,280
I copy the tool.

126
00:05:50,280 --> 00:05:52,920
We can see the tool is an actual zip file

127
00:05:52,920 --> 00:05:55,830
so we must unzip it as soon as we download it.

128
00:05:55,830 --> 00:05:58,830
So let's go right here, go to the second terminal,

129
00:05:58,830 --> 00:06:02,170
let's install the tool on our desktop,

130
00:06:02,170 --> 00:06:03,840
and I will type git clone,

131
00:06:03,840 --> 00:06:07,323
and then paste the link to the tool.

132
00:06:08,340 --> 00:06:10,950
After the tool is installed, we can change the directory

133
00:06:10,950 --> 00:06:13,170
to the tool and if I type LS,

134
00:06:13,170 --> 00:06:16,860
here is the bat to EXE converter as a zip file.

135
00:06:16,860 --> 00:06:19,710
To unzip it, we can type the command, unzip,

136
00:06:19,710 --> 00:06:24,710
and then bat to EXE and it will unzip our file

137
00:06:24,870 --> 00:06:29,700
Clear the screen, type LS, and we will get an EXE file.

138
00:06:29,700 --> 00:06:31,770
Hmm, is this a problem?

139
00:06:31,770 --> 00:06:34,860
We know that EXE files can only be ran inside of a Windows,

140
00:06:34,860 --> 00:06:39,660
but remember we have wine program installed.

141
00:06:39,660 --> 00:06:43,260
Let's get a quick reminder of what wine is.

142
00:06:43,260 --> 00:06:45,060
Wine is a program that allows us to

143
00:06:45,060 --> 00:06:48,390
execute Windows files inside of Linux.

144
00:06:48,390 --> 00:06:50,070
So let's give it a try.

145
00:06:50,070 --> 00:06:55,070
If I type wine and then the program name, press enter.

146
00:06:55,320 --> 00:06:58,530
Let's give it a few seconds and here it is.

147
00:06:58,530 --> 00:06:59,670
It opened the program.

148
00:06:59,670 --> 00:07:00,703
So we must set up the program.

149
00:07:00,703 --> 00:07:03,991
I will set the language to be English, click on, Okay

150
00:07:03,991 --> 00:07:05,580
I accept the agreement.

151
00:07:05,580 --> 00:07:08,100
Of course we're not going to read all of this.

152
00:07:08,100 --> 00:07:10,110
Then click on next,

153
00:07:10,110 --> 00:07:14,070
click once again on next, and click right here on next.

154
00:07:14,070 --> 00:07:17,430
After it, on the last step we can click on install.

155
00:07:17,430 --> 00:07:18,630
We want to check right here

156
00:07:18,630 --> 00:07:22,380
launch bat to EXE converter and click on finish.

157
00:07:22,380 --> 00:07:23,250
And here it is.

158
00:07:23,250 --> 00:07:26,250
It opened our bat to EXE converter.

159
00:07:26,250 --> 00:07:30,240
So now what we want to do is this payload that we generated,

160
00:07:30,240 --> 00:07:33,750
which is inside of this location as a dot bat file,

161
00:07:33,750 --> 00:07:37,980
we want to convert to EXE using this program.

162
00:07:37,980 --> 00:07:40,590
So we must open it inside of this program first.

163
00:07:40,590 --> 00:07:44,610
To do that, we want to go onto file and then open.

164
00:07:44,610 --> 00:07:47,100
Now we must go to this location right here.

165
00:07:47,100 --> 00:07:48,870
So let's click on this arrow.

166
00:07:48,870 --> 00:07:53,820
Let's go to the slash location, find var,

167
00:07:53,820 --> 00:07:56,013
then find lid.

168
00:07:57,210 --> 00:08:00,240
Then the next part is Veil, so we must go and

169
00:08:00,240 --> 00:08:02,580
find the Veil program. Here it is.

170
00:08:02,580 --> 00:08:04,590
And inside of the output

171
00:08:04,590 --> 00:08:08,850
and source is our power payload dot bat.

172
00:08:08,850 --> 00:08:10,470
Let's double click it

173
00:08:10,470 --> 00:08:13,650
and it'll open the code of our payload.

174
00:08:13,650 --> 00:08:15,243
Here it is right here.

175
00:08:16,110 --> 00:08:18,750
Now we have some of the options right here

176
00:08:18,750 --> 00:08:20,730
that we can change if we want to.

177
00:08:20,730 --> 00:08:23,280
You can add an icon by checking this

178
00:08:23,280 --> 00:08:26,370
and then selecting the icon from your system.

179
00:08:26,370 --> 00:08:29,370
But we are not going to be doing that at the moment.

180
00:08:29,370 --> 00:08:31,740
Another thing that you can do, you can set the password

181
00:08:31,740 --> 00:08:33,659
you can change the working directory,

182
00:08:33,659 --> 00:08:35,460
you can change the EXE format

183
00:08:35,460 --> 00:08:38,130
to be something out of these four,

184
00:08:38,130 --> 00:08:41,520
and double select to be 64 bit windows invisible

185
00:08:41,520 --> 00:08:44,850
because I am attacking a 64 bit Windows machine.

186
00:08:44,850 --> 00:08:48,030
You can request administrator privileges at the run time.

187
00:08:48,030 --> 00:08:49,140
So this is sometimes good,

188
00:08:49,140 --> 00:08:51,230
if you want your target to run the pay

189
00:08:51,230 --> 00:08:53,790
up as an administrator, but keep in mind,

190
00:08:53,790 --> 00:08:56,610
once they double click the program, if this was selected

191
00:08:56,610 --> 00:08:59,580
then they will have to input the administrator password.

192
00:08:59,580 --> 00:09:00,960
So that is just another step

193
00:09:00,960 --> 00:09:03,480
before they actually execute the program.

194
00:09:03,480 --> 00:09:05,970
We're not going to be checking that right now.

195
00:09:05,970 --> 00:09:08,190
Another thing that you can do is this packer,

196
00:09:08,190 --> 00:09:10,860
you can enable the upx compression.

197
00:09:10,860 --> 00:09:13,230
But enabling this will just trigger more

198
00:09:13,230 --> 00:09:14,610
and more antivirus softwares

199
00:09:14,610 --> 00:09:17,010
because upx is a really known packer

200
00:09:17,010 --> 00:09:21,120
and it was used a lot to pack malicious programs.

201
00:09:21,120 --> 00:09:23,870
So there is nothing really here that we want to change.

202
00:09:24,780 --> 00:09:28,020
And once you set all of the settings to your liking,

203
00:09:28,020 --> 00:09:29,940
you can go right here on the converter

204
00:09:29,940 --> 00:09:32,460
and then on convert.

205
00:09:32,460 --> 00:09:35,040
Here you want to select the name of your payload

206
00:09:35,040 --> 00:09:37,860
and we can just call it

207
00:09:37,860 --> 00:09:41,610
PS payload, standing for PowerShell payload.

208
00:09:41,610 --> 00:09:45,180
It is an EXE format, so we can just save it.

209
00:09:45,180 --> 00:09:46,740
And if I click on, okay,

210
00:09:46,740 --> 00:09:50,490
it will create our EXE file as we can see down here.

211
00:09:50,490 --> 00:09:51,963
Process finished.

212
00:09:52,830 --> 00:09:55,260
Here, we can see where our file has been saved.

213
00:09:55,260 --> 00:09:57,990
It is in slash var lib veil output source,

214
00:09:57,990 --> 00:09:59,853
and then PS payload dot EXE.

215
00:10:01,410 --> 00:10:02,670
Okay, great.

216
00:10:02,670 --> 00:10:04,840
Now the next thing that we must do to check

217
00:10:05,687 --> 00:10:08,490
out whether this payload works is to run MSF console.

218
00:10:08,490 --> 00:10:12,060
And while it is running MSF console, what I'm going to do

219
00:10:12,060 --> 00:10:15,270
is I'm going to navigate to the Veil directory.

220
00:10:15,270 --> 00:10:18,720
So I will open folder,

221
00:10:18,720 --> 00:10:20,130
I will go to file system

222
00:10:20,130 --> 00:10:22,320
then go right here to var,

223
00:10:22,320 --> 00:10:24,570
navigate to lib all the way down.

224
00:10:24,570 --> 00:10:25,803
I will go to Veil,

225
00:10:27,330 --> 00:10:29,250
then output

226
00:10:29,250 --> 00:10:33,840
source, and here is our power shell payload dot EXE.

227
00:10:33,840 --> 00:10:37,290
Let us scope it to our target desktop.

228
00:10:37,290 --> 00:10:41,160
So I will just drag it onto the desktop of my target machine

229
00:10:41,160 --> 00:10:43,953
and here is our PowerShell payload dot EXE.

230
00:10:44,790 --> 00:10:47,910
If I go right here, open the Metasploit framework,

231
00:10:47,910 --> 00:10:50,430
and I go back to the Veil first,

232
00:10:50,430 --> 00:10:53,400
copy this Metasploit resource file,

233
00:10:53,400 --> 00:10:54,783
copy its entire path,

234
00:10:56,190 --> 00:10:59,700
and type resource and then paste this.

235
00:10:59,700 --> 00:11:01,110
What this is going to do is,

236
00:11:01,110 --> 00:11:03,510
it will set up the listener automatically.

237
00:11:03,510 --> 00:11:06,210
That is made for this exact payload.

238
00:11:06,210 --> 00:11:07,530
As we can see right here,

239
00:11:07,530 --> 00:11:11,310
it started reverse TCP handler on this IP address,

240
00:11:11,310 --> 00:11:15,120
on this port and it's doing all of that in the background.

241
00:11:15,120 --> 00:11:19,230
So all I'm left to do is execute this payload.

242
00:11:19,230 --> 00:11:22,200
Now in this case we can see the console of this payload,

243
00:11:22,200 --> 00:11:24,360
which is something that we don't really want.

244
00:11:24,360 --> 00:11:27,450
It only showed for a brief few seconds.

245
00:11:27,450 --> 00:11:29,550
But that is something that you can change inside

246
00:11:29,550 --> 00:11:31,920
of your bat to EXE converter.

247
00:11:31,920 --> 00:11:35,280
So let's wait for a few seconds and in just a few seconds,

248
00:11:35,280 --> 00:11:38,250
we should receive the Meterpreter session.

249
00:11:38,250 --> 00:11:40,650
And remember why it is taking so long is

250
00:11:40,650 --> 00:11:44,040
because inside of the Veil, we set 20 seconds to wait

251
00:11:44,040 --> 00:11:45,780
before establishing connections.

252
00:11:45,780 --> 00:11:49,653
And here it is regarding Meterpreter session 1 opened.

253
00:11:51,030 --> 00:11:52,800
Let's see whether we can execute command.

254
00:11:52,800 --> 00:11:55,290
So I clear the screen, type sessions.

255
00:11:55,290 --> 00:11:57,300
We have one session active

256
00:11:57,300 --> 00:11:59,850
and I will enter it using the dash I command

257
00:11:59,850 --> 00:12:03,510
get user id and we are on that target machine.

258
00:12:03,510 --> 00:12:06,990
We can enter the shell as usual type who am I,

259
00:12:06,990 --> 00:12:10,923
where this account and everything seems to work. Great.

260
00:12:11,880 --> 00:12:15,510
So we managed to create another type of payload

261
00:12:15,510 --> 00:12:17,820
that wasn't the same as in the previous video.

262
00:12:17,820 --> 00:12:20,700
And to just prove you that I can go right here

263
00:12:20,700 --> 00:12:24,270
to the virus total and we can upload the payload

264
00:12:24,270 --> 00:12:27,630
to see how many antiviruses managed to detect it.

265
00:12:27,630 --> 00:12:29,880
With the regular MSF 1 on payload,

266
00:12:29,880 --> 00:12:34,880
we got about 53 or 54 detection rate out of 60 antiviruses.

267
00:12:36,090 --> 00:12:38,370
Let's see how much we get right now.

268
00:12:38,370 --> 00:12:41,160
Let's go and find the payload.

269
00:12:41,160 --> 00:12:45,993
And it is once again in slash var, slash lib,

270
00:12:46,980 --> 00:12:51,600
slash veil, in the output folder and in the source folder.

271
00:12:51,600 --> 00:12:52,560
Here it is.

272
00:12:52,560 --> 00:12:54,960
I will select it, confirm the upload,

273
00:12:54,960 --> 00:12:57,240
and we should have a much lower detection rate,

274
00:12:57,240 --> 00:13:00,030
than with the regular MSF one on payload.

275
00:13:00,030 --> 00:13:03,480
And once again, read the usage of this bat to EXE converter.

276
00:13:03,480 --> 00:13:05,100
You can change some of these settings

277
00:13:05,100 --> 00:13:07,590
and you might even get lower detection rate

278
00:13:07,590 --> 00:13:09,360
but it will never be zero.

279
00:13:09,360 --> 00:13:11,910
Why? Well, if I just go right here

280
00:13:11,910 --> 00:13:16,620
and I delete the entire code and type some random code,

281
00:13:16,620 --> 00:13:18,963
which doesn't do pretty much anything,

282
00:13:19,800 --> 00:13:22,350
and if I were to convert this code to EXE,

283
00:13:22,350 --> 00:13:26,070
it will still get detected by a lot of antivirus vendors.

284
00:13:26,070 --> 00:13:28,320
You might be asking why since this right here

285
00:13:28,320 --> 00:13:30,900
is not any type of a malicious code,

286
00:13:30,900 --> 00:13:32,910
well that is because we are using this tool

287
00:13:32,910 --> 00:13:37,170
bat to EXE, and some antivirus vendors find files

288
00:13:37,170 --> 00:13:40,140
malicious even though they might not be just because you

289
00:13:40,140 --> 00:13:42,540
converted a bat file to an EXE.

290
00:13:42,540 --> 00:13:45,692
That is pretty much the only reason and frequency rate here,

291
00:13:45,692 --> 00:13:47,910
we get a much lower detection rate

292
00:13:47,910 --> 00:13:50,370
than with the regular MSF one on payload.

293
00:13:50,370 --> 00:13:53,043
We get 27 out of 67,

294
00:13:54,120 --> 00:13:57,810
So we managed to bypass about 20 to 30 more antiviruses

295
00:13:57,810 --> 00:14:00,960
just by creating a PowerShell payload with Veil,

296
00:14:00,960 --> 00:14:04,290
instead of using a regular MSF one on payload.

297
00:14:04,290 --> 00:14:06,300
Great. So what did we learn in this video?

298
00:14:06,300 --> 00:14:08,670
Well, we covered this tool called Veil.

299
00:14:08,670 --> 00:14:10,890
You can experiment with other options as well

300
00:14:10,890 --> 00:14:13,740
and you might get even lower detection rate.

301
00:14:13,740 --> 00:14:15,120
We also covered this BAT

302
00:14:15,120 --> 00:14:19,320
to EXE tool that we can use to convert the BAT files to EXE.

303
00:14:19,320 --> 00:14:20,370
And we also know that

304
00:14:20,370 --> 00:14:22,980
no matter what type of file we convert to EXE,

305
00:14:22,980 --> 00:14:25,800
it will still get detected by some of the antiviruses,

306
00:14:25,800 --> 00:14:28,353
just because we used a tool like this.

307
00:14:29,190 --> 00:14:30,510
Okay, great.

308
00:14:30,510 --> 00:14:31,770
Now that we covered this,

309
00:14:31,770 --> 00:14:35,970
we can proceed with our payloads in the next video.

310
00:14:35,970 --> 00:14:36,803
See you there.