IISResetMe
commented
7 years ago This commit may not be the best way of solving the problem, as it excludes random backticks (which are perfectly valid obfuscations) for function name literals.
I've raised issue 7 - Exclude function names from token randomization instead
PSParser.Tokenize() treats function name literals as CommandArgument tokens. This causes the TOKEN\ARGUMENT\1 (Random Case) routine to quote the function name, incidentally invalidating it.
This commit makes Out-ObfuscatedTokenCommand skip CommandArgument tokens directly following the function keyword