1

I recently discovered BeEF with which someone can gain access to another PC through XSS.

I was wondering if antivirus software can detect when a PC gets hooked to BeEF. An online search doesn't give a clear answer.

Am I safe from being hooked to BeEF if I have an active and up to date antivirus?

papakias

2 Answers

3

I was wondering if antivirus software can detect when a PC gets hooked to BeEF.

I am afraid you don't understand what BeEF is. BeEF is a browser exploitation framework that can inject malicious JavaScript into a website with an XSS vulnerability. That in no way means hooking your PC, rather more like hooking your browser tab.

Can an antivirus detect that?

No, antivirus won't be good at detecting such a thing.

However, BeEF also has modules for exploiting browser vulnerabilities to gain code execution, but unless you are using an outdated/old browser you don't have to worry about it. Also, antivirus (such as Windows Defender) is pretty good at spotting MSF shellcode, even in memory.

Fire Quacker
yeah_well
2

I was wondering if antivirus software can detect when a PC gets hooked to BeEF

No. However, it is possible for AV to detect the JS hook file in the browser's cache, similarly to how it will detect JavaScript-based heap spraying libraries.

A few years ago there was an open source browser plugin "Vegan" released that showed some examples of how BeEF could be detected (https://threatvector.cylance.com/en_us/home/vegan-chrome-extension-to-defeat-beef.html). The BeEF project then added some obfuscation options to make detection less trivial.

On the other hand, it is quite simple to write a smaller custom framework to do a subset of tasks in a BeEF-like manner that would be indistinguishable from modern web page activity. AV is not really the correct solution to this problem of browser content/context security. You're more reliant on browser and web application security features like CORS, CSRF, session isolation, etc.

wireghoul
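An added example, not part of either answer and not code from BeEF or Vegan: a defender-side check over recorded script loads that shows why matching on BeEF's defaults is fragile while an origin allowlist is not. It assumes BeEF's default hook path (`/hook.js`) and session cookie name (`BEEFHOOK`), both of which are configurable; the record format, the `classifyScriptLoads` helper, and all hostnames are constructed for illustration.

```javascript
// Added example: constructed data, hypothetical helper and field names.
// BeEF's default hook path and session cookie name. Both are configurable,
// so a match is a strong signal but a miss proves nothing.
const DEFAULT_HOOK_PATH = /\/hook\.js$/i;
const DEFAULT_COOKIE = /(^|;\s*)BEEFHOOK=/;

// Classify script loads recorded by a proxy or browser extension.
// allowed: Map of page origin -> Set of third-party script origins the site expects.
function classifyScriptLoads(records, allowed) {
  const findings = [];
  for (const r of records) {
    const page = new URL(r.page);
    const script = new URL(r.script);
    const reasons = [];
    if (DEFAULT_HOOK_PATH.test(script.pathname)) reasons.push("default-hook-path");
    if (DEFAULT_COOKIE.test(r.cookie || "")) reasons.push("default-hook-cookie");
    // Name-independent check: a script from an origin the site never uses.
    const ok = allowed.get(page.origin) || new Set();
    if (script.origin !== page.origin && !ok.has(script.origin)) {
      reasons.push("unlisted-script-origin");
    }
    if (reasons.length) findings.push({ script: r.script, reasons });
  }
  return findings;
}

// Constructed sample records (reserved documentation hostnames and addresses).
const SAMPLE = [
  { page: "https://shop.example/cart", script: "https://shop.example/static/app.js", cookie: "sid=abc" },
  { page: "https://shop.example/cart", script: "https://cdn.example/lib.js", cookie: "" },
  // Default-configured hook: caught by name and by origin.
  { page: "https://shop.example/search?q=x", script: "http://198.51.100.7:3000/hook.js", cookie: "BEEFHOOK=constructedvalue" },
  // Renamed hook or custom framework: only the origin check fires.
  { page: "https://shop.example/search?q=x", script: "https://stats.example.net/a.js", cookie: "" },
];
const ALLOWED = new Map([["https://shop.example", new Set(["https://cdn.example"])]]);

const FINDINGS = classifyScriptLoads(SAMPLE, ALLOWED);
for (const f of FINDINGS) console.log(f.script, "->", f.reasons.join(", "));
```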