Obfuscation

Table of contents

  1. Antivirus bypass
  2. EDR bypass
  3. Tips and Tricks

Antivirus bypass

EDR bypass

Tips and Tricks

To check whether a file has the Mark of the Web (MOTW), read its Zone.Identifier alternate data stream:

Get-Content -Path $file -Stream Zone.Identifier

There are 5 zones, in trust order:

  1. Local computer
  2. Local intranet
  3. Trusted sites
  4. Internet
  5. Restricted sites
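
For triage, the same check can be run over a whole folder and the stream parsed into fields. The following is an added example, not part of the original page: the function name `Get-MotwZone` and the Downloads path are assumptions, and the stream's `ZoneId` values 0 to 4 are mapped to the five zones in the order listed above. It needs Windows and an NTFS volume, since `-Stream` reads alternate data streams.

```powershell
# Added example (not from the original page): report the MOTW zone of files.
# Get-MotwZone is a hypothetical helper name chosen for this illustration.
function Get-MotwZone {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    begin {
        # ZoneId as stored in the stream -> zone name, in the page's trust order.
        $zoneNames = @{
            0 = 'Local computer'
            1 = 'Local intranet'
            2 = 'Trusted sites'
            3 = 'Internet'
            4 = 'Restricted sites'
        }
    }
    process {
        # A missing stream means "no MOTW", so suppress the error and get $null.
        $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $result = [ordered]@{
            Path = $Path; HasMotw = [bool]$lines
            ZoneId = $null; Zone = $null; HostUrl = $null; ReferrerUrl = $null
        }
        # The stream is INI-style: a [ZoneTransfer] section with key=value lines.
        switch -Regex ($lines) {
            '^\s*ZoneId\s*=\s*(\d+)' {
                $id = [int]$Matches[1]
                $result.ZoneId = $id
                $result.Zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { 'Unknown' }
            }
            '^\s*(HostUrl|ReferrerUrl)\s*=\s*(.+)$' {
                # Optional fields some browsers write: where the file came from.
                $result[$Matches[1]] = $Matches[2].Trim()
            }
        }
        [pscustomobject]$result
    }
}

# Example run over the current user's Downloads folder (path is an assumption).
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -File |
    Get-MotwZone |
    Format-Table Path, HasMotw, ZoneId, Zone, HostUrl -AutoSize
```

Files reported with `HasMotw` false have no Zone.Identifier stream at all, which is what the single-file command above reports as an error.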