Powerglot – encodes offensive powershell scripts using polyglots

From hakin9.org

Powerglot encodes several kinds of scripts using polyglots, for example, offensive PowerShell scripts. It is not needed a loader to run the payload.

In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network-level protection, being one of the most common payloads scripts developed in Powershell. Recent malware and APTs make use of some of these capabilities: APT32, APT37, Ursnif, Powload, LightNeuron/Turla, Platinum APT, Waterbug/Turla, Lokibot, The dukes (operation Ghost), Titanium, etc.

Read more…