Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script.
It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is.
Features
Also Read – Mouse : iOS & macOS Post-Exploitation Framework
Usage
Import-Module ./xencrypt.ps1
Invoke-Xencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1
You will now have an encrypted xenmimi.ps1 file in your current working directory. You can use it in the same way as you would the original script, so in this case:
Import-Module ./xenmimi.ps1
Invoke-Mimikatz
It also supports recursive layering via the -Iterations flag.
Invoke-Xencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1 -Iterations 100
This will compress and encrypt it 100 times and is useful for dynamic AV bypasses because they have a time-out for analyzing code. There’s no fakery here like sleeps that the dynamic scan can skip to get to the end — it has to go through the entire chain to get to the malicious payload which it usually never does since they normally time out after a second or two or scanning.
Warning though, the files can get big and generating the output file can take a very long time depending on the scripts and number of iterations requested.
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…
What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…