
itsMe


Invoke-PSObfuscation v1.0.0 - obfuscating the individual components of a PowerShell payload

Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but it has become trivial to extract the intended payload from them, and some launchers get detected often, which essentially introduces chokepoints.

The approach this tool introduces is a methodology where you can target and obfuscate the individual components of a script with randomized variations while achieving the same intended logic, without encapsulating the entire payload within a single layer. Due to the complexity of the obfuscation logic, the resulting payloads will be very difficult to signature and will slip past heuristic engines that are not programmed to emulate the inherited logic.

While this script can obfuscate most payloads successfully on its own, this project will also serve as a standing framework that I will use to produce future functions that will utilize this framework to provide dedicated obfuscated payloads, such as one that only produces reverse shells.

Dedicated Payloads

As part of my ongoing work with PowerShell obfuscation, I am building out scripts that produce dedicated payloads that utilize this framework. These have helped to save me time, and I hope you find them useful as well. You can find them within their own folders at the root of this repository.

    Get-ReverseShell
    Get-DownloadCradle
    Get-Shellcode

v1.0.0

    This project has been live for a while, but I am publishing a release for some versioning history.
