Custom executable (but not generated by Metasploit) as payload
I posted a comment in a thread recently about AV picking up custom executables created as a payload, even following encoding multiple times with one or more encoders. As far as I understand it, the AVs are picking up a signature related to how Meterpreter creates the executable, rather than the content of the payload. I know that I can create an executable that isn't picked up by AVs (such as a hex-edited version of nc.exe or one with a code cave), but can I use that as the payload which is uploaded and run on the target system when the exploit has completed? I came across the custom.rb script but that's only become available within the last couple of weeks and I'm not sure it would allow me to do what I would like.
I know that I could use such a hex-edited executable packaged with a legitimate installer and use Social Engineering to have a victim run it, but I would like to go down the route of finding some software vulnerability (such as Adobe) or an unpatched vulnerability in the Windows Operating system.
Thanks for your time (and patience!).
Re: Custom executable (but not generated by Metasploit) as payload
Here is an article that is very useful in creating Metasploit payloads to evade AV engines. This method gives the user a lot of flexibility in obfuscating the ASM instructions to bypass AV engines.
http://www.pentestgeek.com/2012/01/2...t-writing-asm/
Enjoy!