Description
Generates a VBScript file that embeds an obfuscated PowerShell command produced by the ps_command pipeline.
Overview
Generates a VBScript file whose WScript.Shell call invokes an obfuscated PowerShell command produced by the ps_command pipeline.
Parameters
| Parameter | Type | Description | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DownloadTechnique | PowerShellDLECradleTechnique | Cradle download technique. Values: NewWebRequest, DownloadString, MsxmlHttpRequest, WinHttpRequest, Random. Default: Random. | \r\n | LaunchTechnique | PowerShellDLELauncherTechniqueType | Script launch technique. Values: InvokeExpression, PipeInvokeExpression, ScriptBlockInvoke, PowerShellInvoke, Random. Default: Random. | \r\n | CertificateValidationTechnique | PwshCertificateValidationTechnique | SSL/TLS cert bypass technique. Values: None, ScriptBlock, AddType, Random. Default: ScriptBlock. | \r\n | MemberExpressionTechnique | PwshInvokeMemberTechnique | Member expression obfuscation technique. Values: Invoke, CodeMethod. Default: Invoke. | \r\n | StringsTechnique | PwshStringObfuscationTechnique | String obfuscation technique. Values: Random, Base64, Concat, Escape, Format, Reverse, Shuffle, Delta, Interleave, Otp, Substitution, Xor, Preferred. Default: Preferred. | \r\n | Technique | PowerShellLauncherTechnique | Launcher technique. Values: Command, EncodedCommand. Default: EncodedCommand. | \r\n | WindowStyle | ProcessWindowStyle | Window style. Default: Hidden. |