What is Xencrypt?
Xencrypt is a tool for AV and AMSI evasion for PowerShell scripts. I wrote it specifically with CTFs in mind since it’s quite common that you bump into various AV solutions on the harder boxes. It’s designed to be a single ps1 file so you can take it with you in your kit!
- Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing)
- Compresses and encrypts powershell scripts
- Has a minimal and often even negative (thanks to the compression) overhead
- Everything in a single file!
- Randomizes variable names to further obfuscate the decrypter stub
- Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy!
- Super easy to modify to create your own crypter variant
- Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers.
- Supports Import-Module as well as standard running as long as the input script also supported it
- GPLv3, Free and FOSS so you can edit it however you want!