Extending the Metasploit Framework to Implement an Evasive Attack Infrastructure
This work addresses the need for better security testing tools for antivirus software developers and penetration testers; its contribution is incremental, as it builds on existing frameworks such as Metasploit and SPICE.
The paper tackles the problem of testing antivirus software against evasive malicious payloads by extending the Metasploit Framework to dynamically generate evasive binaries and deliver them via drive-by downloads, resulting in a coordinated system for reproducible tests within the SPICE framework.
Given the goal of testing the capabilities of mainstream antivirus software against evasive malicious payloads delivered via drive-by download, this work aims to extend the functionality of Metasploit--the penetration testing suite of choice--in a three-fold manner: (1) to allow it to dynamically generate evasive forms of Metasploit-packaged malicious binaries, (2) to provide an evasive means of delivering those executables through a drive-by-download-derived attack vector, and (3) to coordinate the previous two functionalities in a manner that can be used to produce reproducible tests within the SPICE framework.