AV Evasion 101 - Powershell
- Published: Sep 8, 2024
- In this Twitch stream I showed PowerShell protection mechanisms and techniques to bypass them. In addition, some obfuscators for scripts as well as manual modification for AV signature evasion were shown.
Introduction - 12:58
Bypass AMSI - 24:40
Load C# binaries into Powershell after patching AMSI - 45:55
Script Block Logging introduction and bypass - 52:22
Invoke-Obfuscation - 1:02:22
Script Block Logging bypass No. 2 - 1:09:23
Bypass Constrained Language Mode with MSBuildshell - 1:15:40
PSBypassCLM obfuscation fail from my side - 1:26:25
AmsiTrigger fails from my side - 1:38:23
Pyfuscation - automate string replacements - 1:52:19
Bypass the Defender in memory scanner for Mimikatz - 2:02:58
Bypass in memory scanner by using PPID Spoofing - 2:18:00
SandBox Evasion - 2:26:12
AmsiTrigger & ThreadCheck troubleshooting - 2:55:00
ISE-Steroids has pretty bad OPSec - 3:13:25
Links mentioned and used:
amsi.fail/
s3cur3th1ssh1t...
www.powertheshe...
specterops.io/...
github.com/itm...
github.com/dan...
www.bc-securit...
github.com/Ryt...
github.com/byt...
github.com/Arv...
github.com/ras...
s3cur3th1ssh1t...
Several Scripts were used from here:
github.com/S3c...
Excellent work, dude. Huge fan. I will be binge watching your content. Makes me feel sad that you haven't posted in a while. Thank you very very much, dude.
Love your content dude! Was super helpful for me. Thanks for sharing and I hope you keep making these masterclasses
Thanks for sharing!
starts at 12:58
How do I get PS to run the AMSI bypass line by line? I looked online and can't find anything. It's probably obvious, but I can't find it. With my scripts I just run it against PowerChunker. By the way, I'm only 44 mins in and find it very informative and easy to follow. Great job.
It's just about copying the bypass and pasting it into a Powershell window. As easy as that.
video not quality