cobbr / PSAmsi

PSAmsi is a tool for auditing and defeating AMSI signatures.
GNU General Public License v3.0

PSAmsi cannot obfuscate Invoke-Mimikatz.ps1 (obfuscation fails) #4

Open magnusstubman opened 5 years ago

magnusstubman commented 5 years ago

The obfuscation functionality fails and this line is reached:

# If we've run through all the strings and the string is still flagged, obfuscation fails
If (($TokenIndex -ge ($MatchingTokens.Count-1))) { $DoneObfuscating = $True }

(https://github.com/cobbr/PSAmsi/blob/master/PSAmsiClient.ps1#L3177)

phra commented 5 years ago

@magnusstubman @cobbr Just tried on my machine and the script throws a stack overflow exception.

cobbr commented 5 years ago

I can look into the stack overflow if you have details @phra.

@magnusstubman It's always a possibility that automated obfuscation could fail depending upon signatures, which looks like it might be the case here. Automated obfuscation is nice, but the real value of PSAmsi is in identifying the signatures. I'd recommend using PSAmsi to identify signatures and try to obfuscate around those manually. If you do have ideas on how to better automate obfuscation, I'm certainly open to ideas. (Apologies for the very late response)

magnusstubman commented 5 years ago

@cobbr No worries - no apologies needed for delays when it comes to OSS, I'm just happy people as skilled as yourself actually share their awesome projects with the rest of us :)

I'm afraid I don't have any good ideas, sorry.

I'm leaving this issue open, should someone else stumble upon the same issue.