Some security tools inspect files with static signatures to determine if they are known malicious. Adversaries may add data to files to increase the size beyond what security tools are capable of handling or to change the file hash to avoid hash-based blacklists.
Uses dd to append a single zero byte to the binary, which changes its hash.
Supported Platforms: macOS, Linux
Name | Description | Type | Default Value |
---|---|---|---|
file_to_pad | Path of binary to be padded | Path | /tmp/evil-binary |
```sh
dd if=/dev/zero bs=1 count=1 >> #{file_to_pad}
```
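For detection, the following added example (not part of the original test) hashes a file twice: once as-is and once with trailing zero bytes stripped, so a zero-padded copy still maps to the same normalized fingerprint. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 65536  # read size in bytes
def trailing_zero_count(path):
    """Number of consecutive 0x00 bytes at the end of the file."""
    count, pos = 0, os.path.getsize(path)
    with open(path, "rb") as f:
        while pos > 0:
            step = min(CHUNK, pos)
            pos -= step
            f.seek(pos)
            block = f.read(step)
            kept = block.rstrip(b"\x00")
            count += len(block) - len(kept)
            if kept:  # reached a non-zero byte, so the padding run ends here
                break
    return count

def sha256_first(path, length):
    """SHA-256 over the first `length` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0 and (block := f.read(min(CHUNK, length))):
            h.update(block)
            length -= len(block)
    return h.hexdigest()

def fingerprint(path):
    """Return (full_hash, normalized_hash, trailing_zero_bytes)."""
    size = os.path.getsize(path)
    pad = trailing_zero_count(path)
    return sha256_first(path, size), sha256_first(path, size - pad), pad

def demo():
    """Constructed sample: a harmless byte string stands in for the binary."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"\x7fELF constructed sample\x00\x00")
        before = fingerprint(path)
        with open(path, "ab") as f:  # same effect as the dd command: one 0x00 appended
            f.write(b"\x00")
        after = fingerprint(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Legitimate binaries can also end in zero bytes, so the normalized hash is only meaningful when compared against reference hashes normalized the same way. It covers zero padding at the end of the file only, not other appended data.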