Description
Generates an obfuscated PowerShell command line that downloads and runs the implant.
Overview
Generates an obfuscated powershell.exe command for the ps_script payload.
Parameters
| Name | Type | Description |
|---|---|---|
| DownloadTechnique | PowerShellDLECradleTechnique | Cradle download technique. Values: NewWebRequest, DownloadString, MsxmlHttpRequest, WinHttpRequest, Random. Default: Random. |
| LaunchTechnique | PowerShellDLELauncherTechniqueType | Script launch technique. Values: InvokeExpression, PipeInvokeExpression, ScriptBlockInvoke, PowerShellInvoke, Random. Default: Random. |
| CertificateValidationTechnique | PwshCertificateValidationTechnique | SSL/TLS cert bypass technique. Values: None, ScriptBlock, AddType, Random. Default: ScriptBlock. |
| MemberExpressionTechnique | PwshInvokeMemberTechnique | Member expression obfuscation technique. Values: Invoke, CodeMethod. Default: Invoke. |
| StringsTechnique | PwshStringObfuscationTechnique | String obfuscation technique. Values: Random, Base64, Concat, Escape, Format, Reverse, Shuffle, Delta, Interleave, Otp, Substitution, Xor, Preferred. Default: Preferred. |
| Technique | PowerShellLauncherTechnique | Launcher technique. Values: Command, EncodedCommand. Default: EncodedCommand. |
| WindowStyle | ProcessWindowStyle | Window style. Default: Hidden. |