
Xencrypt - A PowerShell Script Anti-Virus Evasion Tool


itsMe


Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms?
WELL, NOW YOU CAN! For the low low price of free! Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is.

Features

Xencrypt:

    Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing)
    Compresses and encrypts PowerShell scripts
    Has a minimal and often even negative (thanks to the compression) overhead
    Randomizes variable names to further obfuscate the decrypter stub
    Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy!
    Super easy to modify to create your own crypter variant
    Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers.
    Supports Import-Module as well as standard running as long as the input script also supported it
    GPLv3 -- Free and open-source!
    All features in a single file so you can take it with you anywhere!
    Is despite all of the above not a silver bullet for every configuration -- caveat emptor!
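
The post says every output is unique but always decompresses and decrypts a stored payload before running it, so a defender can key on that combination of behaviours rather than on a file signature. The Python heuristic below is an added example, not part of the post or of Xencrypt; the indicator strings, the base64 payload encoding, the entropy threshold and both sample scripts are assumptions constructed for illustration.

```python
import base64, hashlib, math, re
from collections import Counter

# Assumed clear-text markers of a decrypt-decompress-execute stub. They are
# this example's guesses, not strings taken from Xencrypt's source.
INDICATORS = {
    "aes": re.compile(r"Cryptography\.(Aes|Rijndael)", re.I),
    "inflate": re.compile(r"Compression\.(GzipStream|DeflateStream)", re.I),
    "execute": re.compile(r"\b(Invoke-Expression|iex)\b|\[scriptblock\]::Create", re.I),
}
BLOB = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # assumed base64 payload literal
NEEDED = set(INDICATORS) | {"high_entropy_blob"}

def shannon_entropy(text):
    """Bits per character; base64 of encrypted data approaches 6."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def score_script(source, min_entropy=5.0):
    """Return (verdict, sorted indicator names) for one script's text."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    blobs = BLOB.findall(source)
    if blobs and shannon_entropy(max(blobs, key=len)) >= min_entropy:
        hits.add("high_entropy_blob")
    return ("suspicious" if NEEDED <= hits else "clean", sorted(hits))

# Constructed inputs. The blob is hash output standing in for ciphertext; the
# "stub" is a non-functional skeleton with made-up variable names.
_blob = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))).decode()
_icon = "QUFB" * 100  # low-entropy base64, e.g. an embedded placeholder
SAMPLE_STUB = f'''
$qzv = [Convert]::FromBase64String("{_blob}")
$kpl = New-Object System.Security.Cryptography.AesManaged
$wre = New-Object System.IO.Compression.GzipStream($mmx, $mode)
Invoke-Expression $out
'''
SAMPLE_BENIGN = f'''
$icon = "{_icon}"
$gz = New-Object System.IO.Compression.GzipStream($log, $mode)
'''

if __name__ == "__main__":
    for label, text in (("stub", SAMPLE_STUB), ("benign", SAMPLE_BENIGN)):
        print(label, score_script(text))
```

Because the verdict depends only on which capabilities co-occur with a high-entropy literal, renaming variables or reordering statements does not change it; real use would feed it deobfuscated script block text and tune the threshold against known-good scripts.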
