AV Evasion using PeCloak.py on Kali Linux

A little while ago, I came across a script from Mike Czumak from SecuritySift here.

It was written as an experiment in AV evasion as part of Mike’s OSCE course, but it has uses for defenders as well, such as dumping the sections of a Windows PE file.
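To make that defender-side use concrete, here is an added example (not code from pecloak.py or SecuritySift) that parses the section table of a PE file with nothing but the Python standard library, dumps the raw bytes of a named section, and flags sections that are both writable and executable or whose entropy is close to the 8.0 bits/byte maximum, which is how packed, encrypted or cloaked code usually shows up in a section listing. The PE image it parses is a minimal PE32 constructed inline for the demonstration; its `.data` section is deliberately given write+execute flags and 256 distinct byte values so the heuristic has something to flag.

```python
import math
import struct
from typing import Dict, List

# Section characteristic bits from the PE/COFF specification
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # bits per byte; packed or encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for uniform padding, 8.0 for random-looking data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                 # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        (chars,) = struct.unpack_from("<I", pe, off + 36)    # Characteristics
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_offset": raw_ptr,
            "raw_size": raw_size,
            "characteristics": chars,
            "entropy": shannon_entropy(raw),
            "wx": bool(chars & IMAGE_SCN_MEM_WRITE) and bool(chars & IMAGE_SCN_MEM_EXECUTE),
        })
    return sections


def dump_section(pe: bytes, name: str) -> bytes:
    """Return the raw on-disk bytes of the named section."""
    for s in parse_sections(pe):
        if s["name"] == name:
            return pe[s["raw_offset"]:s["raw_offset"] + s["raw_size"]]
    raise KeyError(name)


def suspicious_sections(pe: bytes) -> List[str]:
    """Names of sections that are writable+executable or look packed/encrypted."""
    return [s["name"] for s in parse_sections(pe) if s["wx"] or s["entropy"] > HIGH_ENTROPY]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not a real binary) with two sections:
    .text: 64 NOP bytes, CODE|EXECUTE|READ (benign, zero entropy)
    .data: 256 distinct byte values, INITIALIZED_DATA|EXECUTE|READ|WRITE, entropy 8.0
           (the shape a self-modifying or cloaked payload section takes)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, PE32 opt hdr size
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)        # PE32 magic, rest zeroed
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x40, 0x200, 0, 0, 0, 0, 0x60000020)
    data_hdr = struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x100, 0x240, 0, 0, 0, 0, 0xE0000040)
    headers = dos + b"PE\0\0" + coff + opt + text_hdr + data_hdr
    padding = b"\0" * (0x200 - len(headers))                   # raw data starts at 0x200
    return headers + padding + b"\x90" * 0x40 + bytes(range(256))


if __name__ == "__main__":
    sample = build_sample_pe()
    for s in parse_sections(sample):
        print(f"{s['name']:<8} raw=0x{s['raw_offset']:x}+0x{s['raw_size']:x} "
              f"entropy={s['entropy']:.2f} W+X={s['wx']}")
    print("suspicious:", suspicious_sections(sample))
```

To run it over a real file, replace `build_sample_pe()` with `open(path, "rb").read()`; a section that is both writable and executable, or that has entropy above 7 while sitting where code is expected, is worth a closer look regardless of what the AV verdict says.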

The script can be downloaded from SecuritySift here. It has three requirements: pefile, pydasm and SectionDoubleP.

The script uses a modified version of Python’s pefile, so if you already have pefile installed, uninstall it first. After you have uninstalled it, modify the code as shown below:-


Add lines 2222-2225


Add line 2254


Now change to the pefile directory and run the usual ‘python setup.py install’ to install the module, as shown below:-


You should also bear in mind that the modified version may not be compatible with other tools that use pefile.

Next we need pydasm, which is part of the libdasm project on googlecode here. Download the zip file, extract it to a directory of your choice, change to the ‘libdasm-beta’ directory and run ‘python ./setup.py install’; the output should be similar to the screenshot below.


Now browse to the SectionDoubleP git repository here, click on the ‘snapshot’ link, save the tar.gz archive to the same folder as pefile, and extract SectionDoubleP.py into the same folder as pecloak.py, as shown below.


Now to test whether we can create a pecloaked file, first create a meterpreter binary and put it in the same directory, making sure it is writeable. Let’s try to cloak it.


Happy pecloaking!!!!!

Planes, TV Tuners and Kali Linux

For a number of years, I worked within aviation as an engineer looking after flight systems such as radars, voice switches and aeronautical radio. A while ago, I bought a Nooelec DVB-T TV tuner to play with Software Defined Radio (SDR), but I never quite got around to it due to life.

Anyway, this post is about testing it to receive ADSB signals from aircraft.

The first stage is to blacklist the kernel driver ‘dvb_usb_rtl28xxu’ in /etc/modprobe.d/blacklist.local.conf.

Simply add the following to the file

blacklist dvb_usb_rtl28xxu

Now reboot your Kali box and plug in your NooElec tuner, run ‘dmesg’ and you should get output like that shown below.


Now git clone the rtl-sdr repo and build the software as root.

git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr/
mkdir build
cd build
cmake ../
make
sudo make install
sudo ldconfig

You can now run the rtl_adsb utility to test your configuration; the output should be as below.

Now that your DVB-T tuner is working you can run the command ‘rtl_adsb -V’ to do a basic test to see if you can receive any ADSB signals from aircraft. Assuming that is good, you can git clone the dump1090 repository and set it up as follows:-

git clone https://github.com/flightaware/dump1090_mr dump1090
cd dump1090
make

Now run the dump1090 program in interactive mode from the build directory using the command ‘./dump1090 --interactive’.

Below is a screen shot taken today.


As you can see ADSB provides quite a lot of information.
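The hex strings that rtl_adsb and dump1090 print (between ‘*’ and ‘;’) are raw 112-bit Mode S frames. The following is an added example, not part of this post or of the dump1090 project, showing what decoding one involves: the downlink format, the ICAO address, the callsign from an identification message, and the 24-bit parity check that a decoder uses to throw away frames corrupted by noise. The sample frame 8D4840D6202CC371C32CE0576098 is the widely published example that decodes to ICAO 4840D6 and callsign KLM1023. The point a defender should take from the parity check is its limit: ADS-B carries no authentication, so a passing check only means the bits arrived intact, not that the transmitter is who the ICAO field says it is.

```python
# Mode S generator polynomial, low 24 bits (the x^24 term is implicit)
MODES_GENERATOR = 0xFFF409
# 6-bit character set used by aircraft identification messages (type codes 1-4)
CALLSIGN_CHARS = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"


def modes_crc(frame: bytes) -> int:
    """Remainder of the whole frame modulo the Mode S generator.

    For a DF17 (ADS-B) frame the last 24 bits are the parity, so an intact frame
    gives 0. With those 24 bits zeroed the function returns the parity the
    transmitter should have appended."""
    rem = 0
    for byte in frame:
        for i in range(7, -1, -1):
            carry = rem >> 23                       # bit about to leave the 24-bit register
            rem = ((rem << 1) | ((byte >> i) & 1)) & 0xFFFFFF
            if carry:
                rem ^= MODES_GENERATOR
    return rem


def expected_parity(frame: bytes) -> int:
    """Parity that belongs to the first 88 bits of a 112-bit frame."""
    return modes_crc(frame[:11] + b"\0\0\0")


def decode_callsign(me: bytes) -> str:
    """Eight 6-bit characters packed in bits 9-56 of the 56-bit ME field."""
    bits = int.from_bytes(me[1:7], "big")           # 48 bits after the TC/category byte
    return "".join(CALLSIGN_CHARS[(bits >> (42 - 6 * k)) & 0x3F] for k in range(8)).rstrip("_")


def parse_frame(text: str) -> dict:
    """Parse one long frame as printed by rtl_adsb / dump1090 (e.g. '*8d...;')."""
    frame = bytes.fromhex(text.strip().strip("*;"))
    if len(frame) != 14:
        raise ValueError("expected a 112-bit (14-byte) long frame")
    df = frame[0] >> 3                              # downlink format, first 5 bits
    result = {
        "df": df,
        "ca": frame[0] & 0x7,                       # capability, next 3 bits
        "icao": frame[1:4].hex().upper(),
        "crc_ok": modes_crc(frame) == 0,
        "tc": None,
        "callsign": None,
    }
    if df == 17:                                    # extended squitter carries the ME field
        me = frame[4:11]
        result["tc"] = me[0] >> 3
        if 1 <= result["tc"] <= 4:
            result["callsign"] = decode_callsign(me)
    return result


if __name__ == "__main__":
    sample = "*8D4840D6202CC371C32CE0576098;"        # published example frame, not captured here
    print(parse_frame(sample))
    damaged = bytearray(bytes.fromhex(sample.strip("*;")))
    damaged[5] ^= 0x01                              # constructed single-bit error in the ME field
    print("damaged frame crc_ok:", modes_crc(bytes(damaged)) == 0)
```

The same CRC routine serves both directions: run over a received frame it acts as the integrity check, run over the frame with the parity zeroed it produces the parity, which is how a decoder can also repair single-bit errors by matching the syndrome. Position messages (type codes 9 to 18) need the CPR decoding that dump1090 does on top of this, which is beyond this example.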