Discrepancies in detecting obfuscated payloads by Windows Defender?

This page summarizes the projects mentioned and recommended in the original post on /r/hacking

  • Invoke-Obfuscation

    PowerShell Obfuscator

    I decided to learn something about obfuscating payloads, so I read some articles, got onto our lab environment and started testing, for example with Invoke-Obfuscation. For the time being I stuck with obfuscating PowerShell payloads and testing them against Windows Defender.

  • nishang

    Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

    After that I expanded my research and tried a payload from GitHub user samratashok and followed this guide, in which only the text encoding method is altered from ASCII to UTF-8. And guess what? It actually worked, Windows Defender does not detect it!

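The post above reports that re-saving the same script in a different text encoding changed Defender's verdict. The repeatable way to measure that is to write one script in both encodings and scan each copy with Defender's own command-line scanner, comparing bytes, hashes and scan result side by side. The PowerShell below is an added example, not code from the original post, from Invoke-Obfuscation or from nishang. It uses the EICAR test string as a constructed, harmless stand-in for any real payload, assumes MpCmdRun.exe at its default install path, and assumes MpCmdRun's exit code of 0 for no threat and 2 for a threat found.

```powershell
# Added example (not from the original post): scan the same script saved as ASCII and as
# UTF-8 with BOM, and show that the byte-level representation, the hash and the scanner
# verdict are observed separately for each copy.
$MpCmdRun = 'C:\Program Files\Windows Defender\MpCmdRun.exe'   # assumed default path

# Constructed sample: the EICAR test string, split in two so this source file is not
# itself flagged. It stands in for the real payload the post tested.
$eicar  = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE' + '!$H+H*'
$script = "# constructed sample script`r`nWrite-Host '$eicar'`r`n"

$work = Join-Path $env:TEMP 'defender-encoding-test'
New-Item -ItemType Directory -Force -Path $work | Out-Null

# Same logical content, two different byte sequences on disk.
$asciiPath = Join-Path $work 'sample-ascii.ps1'
$utf8Path  = Join-Path $work 'sample-utf8bom.ps1'
[IO.File]::WriteAllText($asciiPath, $script, [Text.Encoding]::ASCII)
[IO.File]::WriteAllText($utf8Path,  $script, [Text.UTF8Encoding]::new($true))  # $true = emit BOM

foreach ($path in $asciiPath, $utf8Path) {
    if (-not (Test-Path $path)) {
        # Real-time protection may already have removed the file on write.
        Write-Warning "$path is gone before the scan; check the Defender protection history."
        continue
    }
    $bytes = [IO.File]::ReadAllBytes($path)
    $hash  = (Get-FileHash -Algorithm SHA256 -Path $path).Hash

    # Custom scan (-ScanType 3) of one file; -DisableRemediation leaves the file in place.
    & $MpCmdRun -Scan -ScanType 3 -File $path -DisableRemediation | Out-Null
    $code = $LASTEXITCODE   # assumption: 0 = no threat found, 2 = threat found

    [pscustomobject]@{
        File      = Split-Path $path -Leaf
        Bytes     = $bytes.Length
        FirstBytes = ($bytes[0..2] | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
        SHA256    = $hash.Substring(0, 16) + '...'
        ScanExit  = $code
    }
}
```

The first three bytes make the difference visible: the UTF-8 copy starts with the BOM `EF BB BF`, the ASCII copy starts with `23 20 63` (`# c`), and the two SHA-256 values differ even though PowerShell parses both files to the identical script. Two caveats when reading the results: if real-time protection quarantines a copy the moment it is written, the on-demand scan never sees it and the table shows a missing file rather than a verdict, so check the protection history as well; and a file scan only exercises the on-disk signature path. Running the script also sends the de-obfuscated content through AMSI, which is a separate detection point, so "the file scan is clean" and "it runs without being blocked" are two different claims and should be tested separately.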
