Description
Generates an obfuscated PowerShell download cradle for the ps_script_obfuscated payload.
Overview
Generates an obfuscated download cradle that fetches and runs ps_script_obfuscated from the server.
Parameters
| Name | Type | Description |
|---|---|---|
| DownloadTechnique | PowerShellDLECradleTechnique | Cradle download technique. Values: NewWebRequest, DownloadString, MsxmlHttpRequest, WinHttpRequest, Random. Default: Random. |
| LaunchTechnique | PowerShellDLELauncherTechniqueType | Script launch technique. Values: InvokeExpression, PipeInvokeExpression, ScriptBlockInvoke, PowerShellInvoke, Random. Default: PipeInvokeExpression. |
| CertificateValidationTechnique | PwshCertificateValidationTechnique | SSL/TLS cert bypass technique. Values: None, ScriptBlock, AddType, Random. Default: ScriptBlock. |
| MemberExpressionTechnique | PwshInvokeMemberTechnique | Member expression obfuscation technique. Values: Invoke, CodeMethod. Default: CodeMethod. |
| MemberExpressionLayout | PwshCodeMethodLayout | CodeMethod call-site layout. Values: Inline, Separate. Default: Inline. |
| StringsTechnique | PwshStringObfuscationTechnique | String obfuscation technique. Values: Random, Base64, Concat, Escape, Format, Reverse, Shuffle, Delta, Interleave, Otp, Substitution, Xor, Preferred. Default: Preferred. |