On a recent pentest I had as main objective to gain access into a database of a client which had a few websites running on their server. After a few hours of examining the server I had found a file upload form which would allow me to upload php scripts so I tried to send a php shell that I had written a few years ago.
Upon uploading the file it would get delete before I could execute it. There was an Anti-Virus running. So I went back and wrote another script that looked like any other php library except it would receive a encrypted payload and then decrypt it and execute it on runtime. This of course avoiding the obvious eval.
The key was feeded to the script via a side-channel so that there would be no way for the AV or even an analyst to view the payload after the fact. Also, there was no encrypted code in the script only the mechanisms to decrypt, encrypt and execute. I also had to write a client to be able to coordinate the communication and deliver the payload along with extra commands.
After uploading I got an ok meaning that the code could be executed without the AV interference but every function that would allow shell access was disabled so I went back again and wrote a different payload emulating a shell with PHP functions.
With the new payload it became very easy to navigate through the filesystem and finding the weak file permissions that allowed me to get the database credentials.
This scenario demonstrates the role that the AV has against an attacker. It may stop automated attacks but pretty much anything that is targeted can defeat it.