PrivescCheck Helper script detected by AMSI when building

Helper script detected by AMSI when building

Open itm4n opened this issue 2 years ago • 0 comments

When building the script, the file src\02_Helpers.ps1 is blocked by AMSI.

C:\PATH\TO\PrivescCheck>powershell -ep bypass -c ".\Build.ps1"
[OK] Loaded module file 00_Main.ps1
[OK] Loaded module file 01_Win32.ps1
[KO] Failed to load module file 02_Helpers.ps1
[ERROR] At C:\_WORKSPACE\PrivescCheck\src\02_Helpers.ps1:1 char:1
+ function Test-IsRunningInConsole {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This script contains malicious content and has been blocked by your antivirus software.
[OK] Loaded module file 03_User.ps1
[OK] Loaded module file 04_Services.ps1
[OK] Loaded module file 05_Applications.ps1
[OK] Loaded module file 06_ScheduledTasks.ps1
[OK] Loaded module file 07_Hardening.ps1
[OK] Loaded module file 08_Config.ps1
[OK] Loaded module file 09_Network.ps1
[OK] Loaded module file 10_Updates.ps1
[OK] Loaded module file 11_Credentials.ps1
[OK] Loaded module file 99_Misc.ps1

This can be worked around by disabling "Windows Security" during build, but it would be nice to improve the Builder script in order to bypass detection earlier in the process.

Aug 14 '22 16:08 itm4n

PrivescCheck PrivescCheck copied to clipboard

Helper script detected by AMSI when building

PrivescCheck
PrivescCheck copied to clipboard