Undetectable Malware and Scripting

Hopefully I have the right forum. I’m new to this, so forgive me. I’m learning to pentest at home, getting better and more familiar with tools in Kali. I know that free tools such as Metasploit are easily detectable, but they’re helping me learn the basics and my way around meterpreter shells, mimikatz, and avenues for privilege escalation. This leads me to my questions: rather than turning off AV (like Microsoft Defender), are there tools that I can use that actually create undetectable malware? I know I need to learn to code myself, and I will. But in the meantime, I’d like to create undetectable malware whenever I can so I get the steps down better. Metasploit and msfvenom are easily detectable even with encoding. Veil too. And for whatever reason, I cannot get TheFatRat to install and run correctly. Also, I have a question about automating. I know scripts exist that can speed up testing (premade by others, and I can learn to create some myself too). I’ve used bash scripts that can run nmap, for example, and then other tools depending on if certain ports and protocols are used. However, is it possible to create scripts that do much more? For example, is it possible to write a script that runs exploits in a certain order if your goal is privilege escalation followed by pivoting to discovered networks? Perhaps several Metasploit modules using custom (undetectable) payloads to avoid detection? It sounds like a complicated script, but I was curious if pentesters used such scripts to speed things up. Or, if even bad actors do the same? Thanks for your help. submitted by /u/j_relic [link] [comments]
http://dlvr.it/SwXgWj