SED AND CHANGING FILES FOR MALWARE EVASI

The following will change every occurrence of Invoke-Mimikatz in the file into Invoke-LSASSscraper, where Invoke-Mimikatz is what antivirus will pick up and Invoke-LSASSscraper is what will bypass antivirus.

sed -i -e 's/Invoke-Mimikatz/Invoke-LSASSscraper/g' Invoke-Mimikatz.ps1

The following will remove all comment blocks (<# ... #>) from a PowerShell file, helping to bypass AV.

sed -i -e '/<#/,/#>/c\' Invoke-Mimikatz.ps1

The following will help remove all comments from a PowerShell file, helping to bypass AV. It blanks lines that consist only of a # comment.

sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
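
For detection, the three edits above change a file's hash and its literal names but not its code. The following Python sketch is an added example, not part of the original page: it fingerprints a script after removing block comments, whole-line comments, layout, case and declared function names, so a renamed and comment-stripped copy matches the original. The sample scripts are constructed, harmless stand-ins, and the helper names (normalize, fingerprint, raw_hash) are assumptions of this example.

```python
import hashlib
import re

BLOCK_COMMENT = re.compile(r"<#.*?#>", re.DOTALL)        # <# ... #> blocks
LINE_COMMENT = re.compile(r"^[ \t]*#.*$", re.MULTILINE)  # whole-line comments only
FUNC_DECL = re.compile(r"^\s*function\s+([A-Za-z][\w-]*)", re.MULTILINE | re.IGNORECASE)

def normalize(script: str) -> str:
    """Reduce a script to a form that ignores comments, layout, case and function names."""
    text = BLOCK_COMMENT.sub("", script)
    text = LINE_COMMENT.sub("", text)
    # Replace each declared function name, wherever it appears, with a positional placeholder.
    for i, name in enumerate(dict.fromkeys(FUNC_DECL.findall(text))):
        pattern = rf"(?<![\w-]){re.escape(name)}(?![\w-])"
        text = re.sub(pattern, f"FUNC{i}", text, flags=re.IGNORECASE)
    return " ".join(text.lower().split())

def fingerprint(script: str) -> str:
    return hashlib.sha256(normalize(script).encode("utf-8")).hexdigest()

def raw_hash(script: str) -> str:
    return hashlib.sha256(script.encode("utf-8")).hexdigest()

# Constructed, harmless stand-in scripts (no real tool code).
ORIGINAL = '''<#
.SYNOPSIS
Constructed demo script.
#>
function Invoke-Mimikatz {
    # build the result
    $result = "demo"
    Write-Output $result
}
Invoke-Mimikatz
'''
RENAMED = '''function Invoke-LSASSscraper {

    $result = "demo"
    Write-Output $result
}
Invoke-LSASSscraper
'''
UNRELATED = '''function Get-Uptime {
    Write-Output (Get-Date)
}
Get-Uptime
'''

if __name__ == "__main__":
    for label, s in (("original", ORIGINAL), ("renamed", RENAMED), ("unrelated", UNRELATED)):
        print(f"{label:10} raw={raw_hash(s)[:12]} normalized={fingerprint(s)[:12]}")
```

Trailing comments after code on the same line are not stripped here, matching the scope of the sed commands above.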
