AMSI bypass
HughMungis opened this issue · comments
Hugh Mungis commented
seems like a lot of payloads are getting caught by AMSI. is it possible to have a "stage 0" where the script downloads your payload, applies an AMSI bypass and/or obfuscation, and then runs the payload? I've been trying to think of a way to do this non-deterministically so that no two executions would look the same but my knowledge of powershell isn't that good (yet lol).