Windows Command-Line Obfuscation

Many Windows applications have multiple ways in which the same command line can be expressed, usually for compatibility or ease-of-use reasons. As a result, command-line arguments are implemented inconsistently making detecting specific commands harder due to the number of variations. This post shows how more than 40 often-used, built-in Windows applications are vulnerable to forms of command-line obfuscation, and presents a tool for analysing other executables.

CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How

Cmd and Conquer: De-DOSfuscation with flare-qdb - REAL security

The Invoke-Obfuscation Usage Guide :: Part 2 — Daniel Bohannon

Command-Line Obfuscation

Obfuscated Command Line Detection Using Machine Learning

Exploring Windows Command-Line Obfuscation

Invoke-Obfuscation — Hiding Payloads To Avoid Detection

Cmd and Conquer: De-DOSfuscation with flare-qdb

hacking-material-books/obfuscation/simple_obfuscation.md at master

Evading Windows Defender using obfuscation techniques

CB16] Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How

De-obfuscate/Decode Files or Information - Red Team Notes 2.0

Commandline Obfusaction - Red Team Notes

Florian Roth on X: Sigma rule to detect suspicious Unicode