Great post written by Mubix that explains a really interesting technique for bypassing an antivirus running on a Windows host.
Mubix points to a DLL written by Didier Stevens that suspends a process and its threads after a delay. The idea behind it is to send the antivirus process to sleep in order to avoid detection during the pentest.
I understand that the DLL must be uploaded to the host before it is loaded into the process's memory and, perhaps, this can be used by the antivirus to flag the DLL before we have a chance to load it. I wonder if this can also be done by Meterpreter without writing to disk.
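From the defender's side, the observable effect of the technique described above is a security product whose threads are all sitting in a suspended wait state. The following PowerShell check is an added example written for this post; it is not part of Mubix's write-up or Didier Stevens' DLL. It uses only the standard `System.Diagnostics.ProcessThread` properties exposed by `Get-Process`, and the default process name is a placeholder that you would replace with the name of the agent you actually run.

```powershell
# Added example (not from the original post or from Didier Stevens' DLL):
# report processes whose threads are all suspended, which is the side
# effect a defender would watch for after the technique described above.
function Get-SuspendedProcesses {
    param(
        # Process names to check; the default is a placeholder, not a real product name
        [string[]]$Name = @('example-av-service')
    )
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $threads = @($proc.Threads)
        if ($threads.Count -eq 0) { continue }
        # WaitReason is only valid when ThreadState is 'Wait', so test that first
        $suspended = @($threads | Where-Object {
            $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended'
        })
        [pscustomobject]@{
            Name           = $proc.ProcessName
            Id             = $proc.Id
            ThreadCount    = $threads.Count
            SuspendedCount = $suspended.Count
            FullySuspended = ($suspended.Count -eq $threads.Count)
        }
    }
}

# Usage: list any monitored process that is completely suspended
Get-SuspendedProcesses | Where-Object FullySuspended
```

A single suspended thread is normal (debuggers and some service control paths do that briefly), so the check only raises the `FullySuspended` flag when every thread of the process is suspended; running it on a schedule, or alerting when the monitored agent stops producing heartbeats, covers the case where the suspension is timed to happen after the initial load.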