AV Evasion 101 - Powershell скачать в хорошем качестве

AV Evasion 101 - Powershell

In this Twitch stream I showed Powershell protection mechanisms and techniques to bypass them. In addition some Obfuscators for Scripts as well as manual modification for AV signature evasion were shown. Intruduction - 12:58 Bypass AMSI - 24:40 Load C# binaries into Powershell after patching AMSI - 45:55 Script Block Logging introduction and bypass - 52:22 Invoke-Obfuscation - 1:02:22 Script Block Logging bypass No. 2 - 1:09:23 Bypass Constrained Language Mode with MSBuildshell - 1:15:40 PSBypassCLM obfuscation fail from my side - 1:26:25 AmsiTrigger fails from my side - 1:38:23 Pyfuscation - automate string replacements - 1:52:19 Bypass the Defender in memory scanner for Mimikatz - 2:02:58 Bypass in memory scanner by using PPID Spoofing - 2:18:00 SandBox Evasion - 2:26:12 AmsiTrigger & ThreadCheck troubleshooting - 2:55:00 ISE-Steroids has pretty bad OPSec - 3:13:25 Links mentioned and used: https://amsi.fail/ https://s3cur3th1ssh1t.github.io/Bypa... http://www.powertheshell.com/isestero... https://specterops.io/assets/resource... https://github.com/itm4n/PrivescCheck https://github.com/danielbohannon/Inv... https://www.bc-security.org/post/powe... https://github.com/RythmStick/AMSITri... https://github.com/byt3bl33d3r/Offens... https://github.com/Arvanaghi/CheckPlease https://github.com/rasta-mouse/Threat... https://s3cur3th1ssh1t.github.io/Cust... Several Scripts were used from here: https://github.com/S3cur3Th1sSh1t/Cre...