NOPs removed, formatting and header best practices

pull/238/head
salt-or-ester 2024-09-13 19:19:16 -07:00 committed by GitHub
parent 52e0b4fa1b
commit 937f1c46ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 13 deletions

View File

@ -1,25 +1,25 @@
REM_BLOCK
Title: The Bypass Buddy
Title: The Bypass Buddy
Author: salt-or-ester | salt-or-ester@protonmail.com | https://gitgud.io/saltorester
Description: Evade Windows Script Execution Policy
Target: Windows 11
Device: O.MG Plug | https://hak5.org/products/omg-plug
Device: O.MG Plug | https://hak5.org/products/omg-plug
Version: 1.1
Category: Execution
Tested on: O.MG Plug Elite, Windows 11
Will likely work on other devices and Windows flavors
Tested on: O.MG Plug Elite, Windows 11
Will likely work on other devices and Windows flavors
The Bypass Buddy implements a method to evade Windows script execution
policy protections.
The Bypass Buddy implements a method to evade Windows script execution
policy protections.
The approach involves downloading a Powershell script into memory (not disk),
and running it on-the-fly.
The approach involves downloading a Powershell script into memory (not disk),
and running it on-the-fly.
This can be accomplished without administrative rights.
This can be accomplished without administrative rights.
END_REM
REM Formatting is 'untabbed' to comply with O.MG Editor/UI
REM Formatting is not indented to comply with O.MG Editor/UI
FUNCTION EVADE_SCRIPT_EXECUTION_POLICY()
REM Normally I would add this below the header, as it's a constant, but moving it here for portability
REM Payload to download and run in memory