What's new
By:
Filters
Runion

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Powershell obfuscation

K

katg

Midle Weight
Депозит
$0
Hey all, Could someone shed light on how to obfuscate a PowerShell script, im trying to send it as a macro in a word document.
My plan is to run it in memory so i need to bypass AMSI as well as defender for windows. thank you and sorry for my terrible english
 
katg сказал(а):
Hey all, Could someone shed light on how to obfuscate a PowerShell script, im trying to send it as a macro in a word document.
My plan is to run it in memory so i need to bypass AMSI as well as defender for windows. thank you and sorry for my terrible english
Click to expand...
Пожалуйста, обратите внимание, что пользователь заблокирован

Write me in PM or TOX.

A5852A300E402AD8AA973E1147D024FFE7DCF34BCC203C7B9DFB8560A3B10361000000000003
 
katg сказал(а):
Hey all, Could someone shed light on how to obfuscate a PowerShell script, im trying to send it as a macro in a word document.
My plan is to run it in memory so i need to bypass AMSI as well as defender for windows. thank you and sorry for my terrible english
Click to expand...
Пожалуйста, обратите внимание, что пользователь заблокирован

did you try free tool to obfuscate and they don't work ?
 
Levon сказал(а):
did you try free tool to obfuscate and they don't work ?
Click to expand...

i tried invoke-obfuscation, it worked on my VM environment but when I tested in a lab i created it did not call back to my c2 but at the same time it did not alert windows av, its really confusing,, if you have any recommendations for tools let me know please.
 
shoehorn сказал(а):
Why not send as base64?
Click to expand...

i need to patch the target machine with rastamouse for base64 no? i read about it a little but i felt like its double the work, if im trying to compromise a network how many macros will they run,,, if you know any better i love to learn thanks
 
Пожалуйста, обратите внимание, что пользователь заблокирован
Try this
GitHub - klezVirus/chameleon: PowerShell Script Obfuscator
PowerShell Script Obfuscator. Contribute to klezVirus/chameleon development by creating an account on GitHub.
github.com
 
berlin сказал(а):
Try this
GitHub - klezVirus/chameleon: PowerShell Script Obfuscator
PowerShell Script Obfuscator. Contribute to klezVirus/chameleon development by creating an account on GitHub.
github.com
Click to expand...

ok nice man, i will test
 
thecount сказал(а):
using tools from github didn't help you with that ?
Click to expand...

i tried invoke-obfuscation but its dead, it was strange because the av didnt signal malicious behavior but it doesnt connect to the c2, but when i turned of the av and pasted the c2 raw pws script it connected. obfuscation is headache and expensive some guy wants 5k to fud lol
 
no one can handel 5k for just one option it's to expensive .. please tag me if you find something work good with powersheel
 
katg сказал(а):
Hey all, Could someone shed light on how to obfuscate a PowerShell script, im trying to send it as a macro in a word document.
My plan is to run it in memory so i need to bypass AMSI as well as defender for windows. thank you and sorry for my terrible english
Click to expand...

you can do this in multiple stages, convert your raw payload into base64 replace some chars with other stuff to make base64 more ugly then write a function to reverse this all and execute it, and put this in file and just tell powershell to read from server and pipe to iex (execute) https://xss.is/threads/68680/ this will help you , you can do lot of stuff with powershell just need to be more creative
 
You must log in or register to reply here.
Top