t3l3machus / hoaxshell

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.
BSD 2-Clause "Simplified" License
3.03k stars 480 forks

Being detected by Windows Defender even with --obfuscate #36

Closed TheUnknown-007 closed 2 years ago

TheUnknown-007 commented 2 years ago

I've used -H and -o, and yet it's being detected by Windows Defender (AMSI). Is there a way to manually obfuscate and get it to work?

t3l3machus commented 2 years ago

Hi, there are many simple tricks you can do manually to obfuscate the raw payload and make it work. I am working on a new tool, kind of the evolution of hoaxshell, that will hopefully be released soon and will include an improved auto-obfuscate function.