Since early 2018, Rapid7’s Metasploit team has been researching techniques to evade common antivirus products and integrating this knowledge into Metasploit so the broader security community can anticipate and mitigate these techniques. As a culmination of this research, we’ve created a new evasion module type in Metasploit Framework and released Metasploit’s first evasion modules. This new module type gives Framework users the ability to generate evasive payloads without having to install external tools and provides a framework for developers to build their own evasion modules based on Metasploit’s research.

For a detailed explanation of the methodology and the code encapsulating the new evasion module type, we’re also releasing a technical whitepaper by Metasploit’s research and exploit development lead, Wei Chen.

Download the paper here.

Metasploit is fortunate to have a passionate, diverse community of users and contributors who are deeply committed to open discussion and collective learning. We invite collaboration from those who build, test, and research AV software, as well as from offensive and defensive security practitioners and developers.

If you are already a Metasploit Framework user, you can access these new evasion features by running git pull to get the latest code from GitHub, or by grabbing the latest Metasploit 5 omnibus development package.

Metasploit is a collaboration between Rapid7 and the open source community. Together, we empower defenders with world-class offensive security content and the ability to understand, exploit, and share vulnerabilities.