This PR adds an additional configuration option when building the Atlas agent.
The default is "false", and will result in a payload that is no different than it would have been before this feature. Setting obfuscation to "true" will run the output Atlas.exe through the following CEX profile:
To give you an example of CEX, the output executable will have an entry point that looks like this:
The payload shouldn't get caught by Defender or AMSI if this option is used, but the file size increases quite a bit (~62KB to ~130KB).
This PR adds an additional configuration option when building the Atlas agent. The default is "false", and will result in a payload that is no different than it would have been before this feature. Setting obfuscation to "true" will run the output Atlas.exe through the following CEX profile:
To give you an example of CEX, the output executable will have an entry point that looks like this: The payload shouldn't get caught by Defender or AMSI if this option is used, but the file size increases quite a bit (~62KB to ~130KB).