Since its initial release in May of 2013, the Veil Framework has been one of the go-to tools for bypassing antivirus. Veil didn’t contain anything groundbreaking, there were no 0-days, no previously unknown research. Since then, we’ve added our own take on new payloads but have always known a major update would be needed to the tool.

For this talk, I am going to start with the genesis of Veil, how it’s survived in it’s current 2.0 state, and walk through all the changes that were needed in the …