Altered scripts & Automations

The replacement strings should have the same length to avoid altering the binary's structure.

List of offending keywords extracted from https://github.com/ayoul3/reflect-pe project, which employs the same technique to load arbitrary executables in memory.

- Custom Invoke-Kerberoast.ps1

https://github.com/sparcflow/HackLikeALegend/blob/master/ps_scripts/kerberoast.ps1

- Custom Invoke-Mimikatz.ps1

https://github.com/sparcflow/HackLikeALegend/blob/master/ps_scripts/Invoke-mimi.ps1

PreviousMDE (Microsoft Defender for Endpoint)NextCommand Reimplementation C#/C

Last updated 5 months ago