danielbohannon / Invoke-Obfuscation

PowerShell Obfuscator
Apache License 2.0

Defender Windows problem #39

Closed protocolic closed 4 years ago

protocolic commented 5 years ago

I'm generating a script in PowerShell Empire. I have tried many times to obfuscate the code with different keys, but every time Windows Defender 4.18.1807.18075 detected my code as Trojan:Win32/AmsiTamper, https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fAmsiTamper.A!ams&threatid=2147728399&enterprise=0 . Maybe there is some nuance in the obfuscated code? Is there a solution to this problem? I want to clarify that the detection occurs during the execution of the script.

cobbr commented 5 years ago

Hey @protocolic, sounds like you are running into problems w/ AMSI! I would suggest reading up on the AMSI.

I'd probably need a lot more detail on what code you are trying to obfuscate, and what obfuscation options you are using in order to figure out why you are having trouble bypassing the AMSI signatures.