AV Evasion 101 Powershell
Video: http://youtube.com/watch?v=_sPM9Er_194
In this Twitch stream I showed PowerShell protection mechanisms and techniques to bypass them. In addition, some obfuscators for scripts as well as manual modification for AV signature evasion were shown.

• Introduction - 12:58
• Bypass AMSI - 24:40
• Load C# binaries into PowerShell after patching AMSI - 45:55
• Script Block Logging introduction and bypass - 52:22
• Invoke-Obfuscation - 1:02:22
• Script Block Logging bypass No. 2 - 1:09:23
• Bypass Constrained Language Mode with MSBuildshell - 1:15:40
• PSBypassCLM obfuscation fail from my side - 1:26:25
• AmsiTrigger fails from my side - 1:38:23
• Pyfuscation - automate string replacements - 1:52:19
• Bypass the Defender in-memory scanner for Mimikatz - 2:02:58
• Bypass in-memory scanner by using PPID Spoofing - 2:18:00
• Sandbox Evasion - 2:26:12
• AmsiTrigger ThreadCheck troubleshooting - 2:55:00
• ISE-Steroids has pretty bad OPSec - 3:13:25

Links mentioned and used:
• https://amsi.fail/
• https://s3cur3th1ssh1t.github.io/Bypa...
• http://www.powertheshell.com/isestero...
• https://specterops.io/assets/resource...
• https://github.com/itm4n/PrivescCheck
• https://github.com/danielbohannon/Inv...
• https://www.bc-security.org/post/powe...
• https://github.com/RythmStick/AMSITri...
• https://github.com/byt3bl33d3r/Offens...
• https://github.com/Arvanaghi/CheckPlease
• https://github.com/rasta-mouse/Threat...
• https://s3cur3th1ssh1t.github.io/Cust...

Several scripts were used from here:
• https://github.com/S3cur3Th1sSh1t/Cre...