# Obfuscating Files

Obfuscating a file means making its contents obscure, unclear, or unintelligible. A simple example is converting our strings to Base64. This is not encryption, and it does not break the functionality of our code, but it hides our malicious payloads from AVs that scan for malicious strings. (AVs are smart and can also decode simple Base64 and scan the real string.)

I will work with a simple reverse shell PowerShell script from Nishang.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FGjgSgqm31yLjYx8ZfCrA%2Fimage.png?alt=media\&token=bffebfaa-d883-450d-93d2-5419e6e3e3a2)

On saving the file, it was immediately flagged.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FsrWcddKzRyH5QNTQUTJI%2Fimage.png?alt=media\&token=62ddb34c-65ac-4eb5-84b2-090bc40916a4)

A little trick I've noticed (this technique is not new): Defender flags a lot of malicious words in English, so what if we change them to Spanish?

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2Fw8Y1FKglZD3TPlVP3Oq0%2Fimage.png?alt=media\&token=42cc8c66-36d4-47c2-afd0-4591f145a95d)

Now let's encode the entire script into Base64. PowerShell takes a specific format of Base64, so we need to set up these settings to apply it to all the text in the script.

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FZcZpIBJSYbhzJR8unWG8%2Fimage.png?alt=media\&token=2aede663-bacb-40d9-8e8c-607a4a167731)

We can copy and paste this Base64 blob and run it correctly.

Demo:

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2FBDEABJt4u0fSqO5Kj0kr%2FBase64Obfuscate.gif?alt=media\&token=9797afaf-0e03-48ba-8ead-cf9ca555938f)
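
The note at the top of this page, that a scanner can decode simple Base64 and inspect the real string, looks like this from the defender's side. This is an added example, not code from the original page or from Nishang; it assumes the encoded format is Base64 over UTF-16LE text (what PowerShell's `-EncodedCommand` accepts), and the indicator list, function names and sample strings are constructed for illustration.

```python
import base64
import binascii
import re

# Indicators chosen for this example (assumption, not a vendor signature set).
# They are type and cmdlet names, so renaming variables leaves them in place.
INDICATORS = ("system.net.sockets.tcpclient", "invoke-expression")

# Runs of Base64 characters long enough to hold a command.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_utf16le_b64(blob):
    """Return the text if blob is Base64 of mostly Latin UTF-16LE text, else None."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 2 or len(raw) % 2:
        return None
    try:
        text = raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    # Random bytes often decode to CJK code points; script text stays Latin.
    latin = sum(ch in "\r\n\t" or (ch.isprintable() and ord(ch) < 0x250) for ch in text)
    return text if latin / len(text) > 0.9 else None


def scan(text):
    """Return (indicator, decoded_text) pairs for Base64 runs found in text."""
    hits = []
    for match in B64_RUN.finditer(text):
        decoded = decode_utf16le_b64(match.group(0))
        if decoded is not None:
            lowered = decoded.lower()
            hits.extend((ind, decoded) for ind in INDICATORS if ind in lowered)
    return hits


def encode_sample(script):
    """Build a constructed test input in the same encoded format."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed samples: a Spanish variable name does not hide the type name.
SAMPLE_FLAGGED = "powershell -EncodedCommand " + encode_sample(
    "$cliente = New-Object System.Net.Sockets.TCPClient")
SAMPLE_CLEAN = "powershell -EncodedCommand " + encode_sample("Get-Date | Out-String")
```

Calling `scan()` on a process command line or on script text returns the decoded content alongside each matched indicator, so an analyst sees the real string rather than the blob.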
