Chimera – A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1’s known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up and is further evidence of how trivial it is to bypass…

WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool

Disclaimer: The technology involved in this project is for security learning and defense purposes only; illegal use is prohibited! A lateral movement command execution test tool that bypasses anti-virus software (no need for port 445). Introduction: The common WMIEXEC and PSEXEC tools execute commands by creating a service or calling Win32_Process.create; these methods have been intercepted by anti-virus…

Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1’s known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures. Chimera was created for this write-up and is further evidence of how trivial it is to bypass detection signatures.

Avcleaner – C/C++ Source Obfuscator For Antivirus Bypass

C/C++ source obfuscator for antivirus bypass.

Build

    docker build . -t avcleaner
    docker run -v ~/dev/scrt/avcleaner:/home/toto -it avcleaner bash  # adapt ~/dev/scrt/avcleaner to the path where you cloned avcleaner
    sudo pacman -Syu
    mkdir CMakeBuild && cd CMakeBuild
    cmake ..
    make -j 2
    ./avcleaner.bin --help

Usage

For simple programs, this is as easy as:

    avcleaner.bin test/strings_simplest.c --strings=true --

However, you should know that you’re using…

Xencrypt – A PowerShell Script Anti-Virus Evasion Tool

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn’t it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms? WELL, NOW YOU CAN! For the low…
