the powershell script is detectable. #154
Comments
You should watch this: https://www.youtube.com/watch?v=6G9DD6SkVqk
Isn't this entire project made to create undetectable payloads? Why would you need to rewrite the tool to make it create undetectable scripts?
Also, I should mention that PowerShell also blocks scripts for thefatrat.
Watch the video I sent and you will understand better how the tool works (hopefully). Seriously, watch the YT video when you are bored or whatever. It will make better sense to you.
I watched the video, and I'm wondering which one of these ways I should use to make the script bypass AMSI. Modify the base64 code, use that project by rasta, or use that guide to modify Metasploit's payload.dll? Also, shouldn't unicorn bypass AMSI by default? Does a new AMSI bypass get added every week?
I suggest you join the discord server and ask in the #ask-help channel. https://discord.gg/trustedsec
I asked, but it takes over a day for anyone to answer.
As you can see in the image, I ran the AMSI bypass PowerShell command, but it was detected. Literally the only antivirus that I have is Windows Defender. (The normal non-AMSI command didn't even work, it just closes PowerShell.)
I am using windows/meterpreter/reverse_https, I think.
I followed this guide to use it.
![image](https://user-images.githubusercontent.com/65046191/101091940-8b7b3580-35c1-11eb-94ea-23676dd567b4.png)
https://null-byte.wonderhowto.com/how-to/hacking-windows-10-create-undetectable-payload-part-1-bypassing-antivirus-software-0185055/