Using UPX packer to bypass AV

Note: This is an older post from my old GitHub pages ‘blog’. Information was correct at the time this was posted in that location, circa mid-2017.

The Signature Problem

Traditionally, AV has always been about signatures: malware is released, AV companies reverse it, signatures are created and released, and AV now detects the malware (the lag between malware release and DAT update can vary). All is well with the world.

This has always been OK for penetration testers, as they could simply pack or crypt or write their own malware for…
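The flip side of the signature problem is that a packer leaves fingerprints of its own. As an added example (not code from the original post), this Python check parses a PE section table and flags the section names UPX writes (UPX0/UPX1/UPX2) plus any section whose raw bytes have the high entropy of compressed data; the 7.0 entropy threshold and the minimal constructed PE image are assumptions for the demonstration.

```python
"""Defender-side check: does a PE image carry the UPX section-name fingerprint?"""
import struct
from math import log2

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # names UPX writes into the section table

def parse_sections(data):
    """Return [(name, raw_bytes)] from the PE section table; raises ValueError if not PE."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                               # section headers follow it
    sections = []
    for i in range(nsec):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections

def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    return -sum(buf.count(b) / len(buf) * log2(buf.count(b) / len(buf)) for b in set(buf))

def assess(data, entropy_threshold=7.0):
    """Findings for UPX-named sections and for sections whose contents look packed (threshold is a heuristic)."""
    findings = []
    for name, raw in parse_sections(data):
        if name in UPX_SECTION_NAMES:
            findings.append(f"section {name.decode()} carries the UPX name")
        ent = shannon_entropy(raw)
        if raw and ent > entropy_threshold:
            findings.append(f"section {name.decode()} entropy {ent:.2f} suggests packed data")
    return findings

def build_sample(names, payloads):
    """Constructed minimal PE-shaped blob for offline testing; not a loadable executable."""
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)  # zero-length optional header
    ptr = 0x40 + 4 + len(coff) + 40 * len(names)                          # raw data starts after the table
    secs, blob = b"", b""
    for name, raw in zip(names, payloads):
        secs += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, len(raw),
                                                   ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        blob, ptr = blob + raw, ptr + len(raw)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew -> PE signature
    return dos + b"PE\0\0" + coff + secs + blob

if __name__ == "__main__":
    packed = build_sample([b"UPX0", b"UPX1", b".rsrc"], [b"", bytes(range(256)) * 4, b"A" * 64])
    print(assess(packed))
```

A renamed section table defeats the name check alone, which is why the entropy indicator is kept alongside it.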