In Chapter 6, Advanced Exploitation with Metasploit, we spent some time with Shellter, a tool for dynamic injection into Windows executables. Shellter did the heavy lifting by examining the machine code and execution flow of the selected executable, and identifying ways to inject shellcode without creating telltale structures in the program; the result is a highly AV-resistant executable ready to run your payload. There are a few options out there and Shellter is one of the best, but there are a couple limitations: namely, it's a Windows application and can only patch 32-bit binaries. The first limitation isn't a big problem considering how well we could run it with Wine, but depending on your perspective, this can be seen as a drawback. The second limitation isn't a big problem either, since any 32-bit application will run just fine on 64-bit Windows; but in the face of strong defenses we need more options, not fewer.

Back in Chapter 6, Advanced Exploitation with Metasploit, we were discovering quick and easy antivirus evasion for sneaking in our Metasploit payloads. In this discussion, we are taking a more advanced approach to understanding shellcode injection into Windows binaries. This time around, we'll be looking at Backdoor Factory (BDF).