Description
Generates an obfuscated AMSI bypass .NET executable.
Overview
This script is designed to generate an AMSI (Antimalware Scan Interface) bypass technique in C#and compiles it to an executable. It follows a structured approach to selecting, obfuscating, and compiling the AMSI bypass code to evade detection by security tools. The script utilizes SpecterInsight’s obfuscation and compiler transformations to create an executable payload.
Parameters
| Name | Type | Description |
|---|---|---|
| AmsiBypassTechnique | SpecterInsight.Obfuscation.CSharp.AstTransforms.Bypasses.Techniques.CSharpAmsiBypassTechnique | The specific AMSI bypass technique to use. Default is HardwareBreakpointAmsiScanBuffer. |
| StringObfuscationTechnique | SpecterInsight.Obfuscation.CSharp.AstTransforms.CSharpStringVaultTransformTechnique | The string obfuscation technique to use. Default is Random. |
| OutputType | SpecterInsight.Obfuscation.CSharp.OutputTransforms.CSharpCompilerTarget | The output format of the compiled payload (e.g., Console, DLL). Default is Console. |
| FrameworkVersion | SpecterInsight.Obfuscation.CSharp.OutputTransforms.CSharpCompilerFrameworkVersion | The target .NET Framework version for the compiled binary (e.g., .NET 2.0, .NET 4.0). Default is Dotnet2. |