Windows Command-Line Obfuscation

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables.

Windows Command Shell - Red Canary Threat Detection Report

hacking-material-books/obfuscation/simple_obfuscation.md at master

Invoke-Obfuscation – Liam Cleary [MVP Alumni and MCT]

hacking-material-books/obfuscation/simple_obfuscation.md at master

Invoke-Obfuscation — Hiding Payloads To Avoid Detection

vb.net - Obfuscation Automation by Using Post-Build Commands in

The Invoke-Obfuscation Usage Guide :: Part 2 — Daniel Bohannon

hacking-material-books/obfuscation/simple_obfuscation.md at master

Tried and True Hacker Technique: DOS Obfuscation

AMSI Bypass Methods Pentest Laboratories

Invoke-Obfuscation – Liam Cleary [MVP Alumni and MCT]

PowerShell Obfuscation: Stealth Through Confusion, Part I

Invoke-Obfuscation v1.1 (coming Sunday, Oct 9) — Daniel Bohannon