Comments (3)
Thanks for the explanation, that's pretty clear and faith entrusting.
from adape-script.
If you look back at the 1.3 branch, I used to have two methods: local and external. By adding the external argument it would go to Github, download the module and run it. This is obviously a huge opsec no-no as you'd trigger not only AV/EDRs, but any half decent SIEM or IPS/IDS. Running it with the local argument would require the modules to be in the same directory as the .ps1 thus making you obfuscate them, which isn't hard, but just a pain. I was at Derbycon for training with Larry Spohn and Ben Mauch (Ben Ten), and showed Ben, who is a Powershell guru, my script and he thought it was awesome but said I should use invoke-obfuscation, so I did. Here is him retweeting it, if it matters any: https://imgur.com/a/2E69T9B
Unfortunately the side-effect of obfuscating code from AV is you hide it from people too, so it's always a question of it's actually installing a RAT or something and obviously I'll say no, but if you don't want to take my word you are more than able to feel free to run Invoke-Obfuscation against the modules used and compare base64 output to the script, it should give the exact output. I'll include a few screenshots of this as well, but of course there will always be skepticism (as there should be). Initially I just wanted to just call down Invoke-Obfuscation then obfuscate the modules live, in the script. The problem with that is there is a hard-coded limit to output for Invoke-Obfuscation, with a default of 8900ish, as that is the limit for command prompt, so in order to get a full obfuscated script, you have to edit Invoke-Obfuscation to increase the output limit.
If you're still skeptical, 1.3 still works, so just download the modules yourself and include them in the same folder as the script and run it with the local argument and it will use the modules you downloaded, which of course you can obfuscate yourself.
from adape-script.
I completely understand the want to have this obfuscated, but since github has the feature of branches. Do you think you could possibly keep another branch in sync with master that is the unobfuscated branch, so we could possibly contribute to the code without having to deobfuscate? I don't know if that is what you were planning on doing with 1.3 branch, but I just checked that and it says that it is 16 commits behind right now.
This is a really cool project though 😁
from adape-script.
Related Issues (3)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from adape-script.