Wrote a quick little tool to help make evasion work a little easier. This project finds the exact byte that Defender will flag on and then dumps the offending bytes, signature name, and offset. Could be helpful for testing/modifying tools and payloads. github.com/matterpreter/Defe…

12:34 PM · Apr 10, 2019

Replying to @matterpreter
Can’t wait to try it out!
Replying to @matterpreter
I cannot wait for this. This will save all that time which I spent on finding that bit just to do evasion. 😅😊
Did you do the equivalent with AMSI? I was working on it about half a year ago but haven’t had time to revisit.
The tool leverages the Defender command line utility, MpCmdRun, so I believe that it would use Defender's integration with AMSI.