Every now and then, cybersecurity professionals encounter scripts that are difficult to read or outright weird, possibly to circumvent security tools and programmes that analyse behaviour and code.
Manual obfuscation is used to make scripts immune to behaviour-based analysis tools such as AMSI (the Antimalware Scan Interface), which analyses PowerShell scripts and their behaviour in real time.
Obfuscation, especially with PowerShell, is an art form that mixes disparate components to create a “Frankenstein” script that is difficult to understand while still performing the same tasks as the original script.
This post explains some of the techniques for manually obfuscating PowerShell scripts, and highlights why cybersecurity professionals should have such skills, practised in legal sandboxes, as part of their toolset.