A blazingly fast tool to generate obfuscated Windows PowerShell paths by globbing environment variables

@lavafroth to

Powershell • 11 months ago

Hi everyone, I created this little tool in Rust to generate obfuscated looking glob patterns for paths by utilizing the default environment variables in Windows PowerShell.

You can check it out here: https://github.com/lavafroth/envy-rs

This can probably be used in conjunction with some other tools to bypass AV/EDR.

As you can guess, I’m not a PowerShell ninja. I did not come up with the idea. I learned about it from this video by John Hammond. I merely implemented the code.

You must log in or register to comment.

Chat

Powershell

[email protected]

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

PowerShell (POSH) is a a task automation command-line shell and scripting language created by Microsoft. It became part of the FOSS community in 2016 and is now available across Windows, Linux, and macOS

Resources:

Install PowerShell – Instructions for Windows, Linux, and macOS
PowerShell Galley Your one-stop shop community and Microsoft modules.
PowerShell Repository – View the PowerShell source code, report issues, or contribute to the project yourself.
PowerShell Community Call – Hear from and talk directly to the product team on the 3rd Thursday of every month
PowerShell in Visual Studio Code – It’s time to say goodbye to ISE

Rules:

Be civil (aka don’t be a jerk). Remember there are people from all walks of life, all with different levels of expertise. You can disagree with someone, but please be civil when doing so.
Adhere to the Lemmy Code of Conduct
Follow all programming.dev rules
Posts must relate to PowerShell or the PowerShell ecosystem.
Use code blocks to make things easier to read.
Memes and humorous posts are allowed but try not over do it. And keep them relevant to PowerShell
No discussion about piracy or hacking.
If someone provides an answer that solves your problem, please reply, so others know what the solution was. ^And ^so ^the ^person ^who ^suggested ^it ^gets ^that ^oh ^so ^sweet ^shot ^of ^dopamine.
If you find a solution to your problem by other means, please take your time to write down the steps you used to solve your problem in the original post. You can potentially help others having the same problem!

Self-promotion rules:

Self-promotion content must be marked as [OC]
Do not SPAM. Content must be PowerShell related.
Only 10% of your contributions can be self-promotion. In other words, 90% of your contribution must not be self-promotion.
Personal blogs are not considered self-promotion, at this time, as long as they are free to access and relevant. Please do not abuse this.

2 users / day
21 users / week
55 users / month
94 users / 6 months
998 subscribers
61 Posts
94 Comments
Modlog