Automating evasion script generation in Bash
To automate the generation of obfuscated Bash scripts, we’ll create a simple framework that combines various evasion techniques. This framework will allow us to quickly produce scripts that are more likely to evade detection by AV and EDR systems.
Here’s a basic structure for our framework. The following code can be found in this chapter’s GitHub repository as ch14_auto_obfuscate_1.sh. I’ll be breaking the code down into smaller sections to provide explanations:
#!/usr/bin/env bash

# Function to encode a string using base64
encode_base64() {
  echo "$1" | base64
}
The preceding code block provides a function that Base64-encodes any data passed to it. In the next part of the code, a function uses the openssl program to generate random variable names composed of four hexadecimal digits:
# Function to obfuscate variable names
obfuscate_var_name...
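As a defensive counterpart to the generator described above, the following triage check flags the two artifacts it leaves in a script: a Base64 payload decoded at runtime and piped into an interpreter, and variables with short random hex names. This is an added example, not code from the chapter or its repository; the indicator patterns, the assumed prefix-plus-four-hex-digit naming scheme, and the sample script are all constructed here.

```bash
#!/usr/bin/env bash
# Added triage helper (not the book's code): flags scripts that carry the
# artifacts of the obfuscation framework described in this chapter.

# Count lines that decode base64 and hand the output to an interpreter.
# The "|| true" keeps the count at 0 instead of failing when nothing matches.
count_b64_exec() {
  grep -Ec 'base64[[:space:]]+(-d|--decode)[^|]*[|][[:space:]]*(bash|sh|eval)([[:space:]]|$)' "$1" || true
}

# Count distinct variable assignments whose name ends in an underscore followed
# by exactly four hex digits (assumption: generated names look like var_3f9a).
count_hex_vars() {
  grep -Eo '[A-Za-z_]*_[0-9a-f]{4}=' "$1" | sort -u | wc -l
}

# Return 0 (suspicious) when a base64-to-interpreter pipe is present or when
# three or more hex-named variables appear; otherwise return 1.
triage_script() {
  local b64 hexv
  b64=$(count_b64_exec "$1")
  hexv=$(count_hex_vars "$1")
  echo "base64-exec lines: $b64, hex-named variables: $hexv"
  [ "$b64" -gt 0 ] || [ "$hexv" -ge 3 ]
}

# Constructed sample in the style the generator would emit (payload is just
# "echo hello" base64-encoded); written to a temp file so the checks run offline.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
#!/usr/bin/env bash
var_3f9a="ZWNobyBoZWxsbw=="
var_b21c="$(echo "$var_3f9a" | base64 -d)"
var_77e0=1
echo "$var_3f9a" | base64 -d | bash
EOF

if triage_script "$SAMPLE"; then
  echo "verdict: suspicious"
else
  echo "verdict: no indicators"
fi
```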