I tried to change & add a PDF image as shown in your lecture.
When I tried to run in the target device, it got detected by windows defender.
I used the payload created using Empire, but it keeps on getting detected. But when I tried it using nodistribute there was no error; not even one antivirus detected the payload.
Even tried the payload created by Veil; it works fine.
Why is the payload created using Empire getting detected?
Is it due to database not updated?
How to update database for empire?
Yeah, like I said in the lectures, evading AV programs is like a cat-and-mouse game; sometimes some of these tools will generate detectable backdoors. That's why I showed you more than one method to bypass AV programs, so if one method gets detected you can try the other.
PS: always keep these tools up to date.
So how to update Empire?
If I create a new backdoor using Empire, will it still be detected by Windows Defender?
Cleanest way to avoid conflicts is to remove the old one:
rm -r /opt/Empire
Then clone it and install it as shown in lecture 31.
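The remove-then-reclone procedure from the answer above, written out as a reusable shell function. This is an added example, not the instructor's or the Empire project's own script: the repository URL, the install directory and the installer path (setup/install.sh) are placeholders you pass in or default, so check the lecture and the project's README for the real values before running it.

```shell
#!/usr/bin/env sh
# Clean reinstall of a git-hosted tool such as Empire: remove the old
# checkout completely, clone a fresh copy, then run its installer if present.
# Assumptions (not from the original thread): the repo URL and install
# directory are supplied by the caller; the installer path defaults to
# setup/install.sh, which is an assumed location to be confirmed in the README.
set -eu

reinstall_tool() {
    repo_url=$1                        # e.g. https://github.com/<org>/Empire.git (assumed)
    dest=$2                            # e.g. /opt/Empire
    installer=${3:-setup/install.sh}   # assumed path of the installer inside the checkout

    command -v git >/dev/null 2>&1 || { echo "git is required" >&2; return 1; }

    # Remove the old checkout entirely so stale modules or config cannot conflict.
    if [ -d "$dest" ]; then
        rm -rf "$dest"
    fi

    # A shallow clone is enough to run the tool; drop --depth 1 if you need history.
    git clone --quiet --depth 1 "$repo_url" "$dest"

    # Run the installer from inside the checkout if the project ships one.
    if [ -f "$dest/$installer" ]; then
        (cd "$dest" && sh "$installer")
    else
        echo "no installer at $dest/$installer; follow the project README" >&2
    fi
}

# Print the commit that is now checked out, so you can confirm the update took effect.
installed_commit() {
    git -C "$1" rev-parse --short HEAD
}
```

Run it as, for example, `reinstall_tool https://github.com/<org>/Empire.git /opt/Empire` and then `installed_commit /opt/Empire`; if the installer needs root, invoke the whole script with sudo rather than editing the function.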