Bypass by changing or obfuscating the contents of the file in order to break the identifying byte sequence/signature
This is typically done by trial and error. Some antivirus products can be tricked simply by changing strings from upper to lower case; other times it requires more complicated manipulation of the payload.
The best thing to do is recreate the attack environment and try to bypass the antivirus there before launching the real attack
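Added example (not from the original notes) showing why the case-change trick above works against a byte-exact signature and how a normalized match closes that gap; the sample bytes and the marker string are constructed stand-ins, not a real signature.

```python
"""Byte-exact signature vs. case-insensitive signature on a constructed sample."""
import re

# Constructed sample: a benign blob carrying a recognisable marker string.
ORIGINAL = b"MZ\x90\x00 some benign code LoadLibraryA SAMPLE_MARKER_STRING trailing data"
# The same blob after the trick the notes describe: the marker's case is flipped.
CASE_FLIPPED = ORIGINAL.replace(b"SAMPLE_MARKER_STRING", b"sample_marker_string")

# The "signature" a naive engine would have written for the original file.
SIGNATURE = b"SAMPLE_MARKER_STRING"


def exact_signature_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive scanner: byte-for-byte substring match, as a simple signature engine does."""
    return signature in data


def nocase_signature_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Hardened scanner: the same signature matched case-insensitively
    (the equivalent of a YARA string with the `nocase` modifier)."""
    return re.search(re.escape(signature), data, re.IGNORECASE) is not None


def scan(data: bytes) -> dict:
    """Run both detectors so the gap between them is visible side by side."""
    return {
        "exact": exact_signature_match(data),
        "nocase": nocase_signature_match(data),
    }


if __name__ == "__main__":
    for name, sample in (("original", ORIGINAL), ("case-flipped", CASE_FLIPPED)):
        print(name, scan(sample))
```

The case-flipped sample slips past the byte-exact signature but is still caught by the normalized one; more aggressive payload manipulation needs heuristic or behavioral detection, covered next.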
Heuristic
Relies on rules or an algorithm to determine if the actions a program is taking are considered malicious
Steps through the instruction set or attempts to decompile and then analyze the source code.
Behavioral-Based
Executes the file in an emulated environment such as a small virtual machine and looks for behaviors or actions that are considered to be malicious
Tools
Shellter
Free dynamic shellcode injection tool
Backdoors valid and non-malicious executable files with a malicious shellcode payload
Ebowla
Encrypts executable payloads with environment variables
Encrypting with environment variables means the executable payload will not work in environments/on computers whose variables do not match.
If someone opens the file on their home computer, it will not execute because the domain will not match.
Edit genetic.config to create exe shell
Output type = GO
payload_type = <format of input payload file>
[[ENV_VAR]]
Enter any environment variables to encrypt the payload with