EndCod3r closed this 1 year ago
Yeah, the cmd curl does not trigger AMSI; that's why it's a bit tricky to detect. For the PowerShell reverse shells you would have to apply obfuscation. I've created repositories and videos about how to do that:

Check this repo out -> https://github.com/t3l3machus/PowerShell-Obfuscation-Bible

How to create custom templates with Villain and evade AV detection -> https://youtu.be/grSBdZdUya0
I'm wondering how to run a socket-based rshell process on a Windows 11 computer. The reason it says this is because I'm using the payload windows/hoaxshell/cmd_curl, as it's the only one that works for me and passes Windows Defender.