This blog post mentions some ways of evading AV software, but I don't understand what they mean by wrapping an executable in a Python script and inserting it into a good executable. Is that any different from Metasploit's templates you can use for payloads?

Also what do they mean by exporting it to a Python Array? You can't run Poison Ivy from a Python array.
The evasion technique is pretty simple: wrap the executable into a Python script (you can also use Perl and Ruby), then insert it into a good executable or export to a new one.

Poison Ivy - Straight export to Python Array. Pretty sad that it worked actually. This is where I had hoped to create some alerts that I would have had to suppress.

LHYX1 has a great Python script for evading AV; is there anything else you can do with Python to evade AV?