Description
Generates a fully obfuscated PowerShell script that downloads and loads the implant.
Overview
Generates ps_script with multiple layers of PowerShell obfuscation applied.
Parameters
| Name | Type | Description |
|---|---|---|
| AmsiBypassTechnique | PwshAmsiBypassTechnique | AMSI bypass technique. Values: Random, EffectiveAgainstPowerShellCommands, EffectiveAgainstModuleLoading, ContextError, InitFailed, PatchAddType, PatchInMemory, PatchScanContent, AmsiScanBufferStringReplace, HardwareBreakpointAmsiScanBufferAddType, RpcGhosting. Default: PatchInMemory. |
| MemberExpressionTechnique | PwshInvokeMemberTechnique | Member expression obfuscation technique. Values: Invoke, CodeMethod. Default: Invoke. |
| MemberExpressionLayout | PwshCodeMethodLayout | CodeMethod call-site layout. Values: Inline, Separate. Default: Inline. |
| StringsTechnique | PwshStringObfuscationTechnique | String obfuscation technique. Values: Random, Base64, Concat, Escape, Format, Reverse, Shuffle, Delta, Interleave, Otp, Substitution, Xor, Preferred. Default: Preferred. |