What is this? All entries Offline version GitHub @Wietze

wmic.exe

It was found that wmic.exe command lines can be obfuscated with the following techniques:

Obfuscate wmic.exe commands

  • Ignore
  • Program Name
  • Regular Argument
  • File Path
  • URL
  • Value
    •
    Show options Apply obfuscation
    Output

    Related

    FAQs

    What is command-line obfuscation?

    Command-Line obfuscation is an attempt to masquerade or otherwise hide the true intention of a program execution. Particularly, in a cyber security context, this usually involves rewriting a process' arguments to something that is functionally equivalent to the original, but bypasses detection systems. This may enable an attacker to execute a malicious command with a lower chance of being detected.

    Why would I need to obfuscate command lines?

    Typically used by threat actors and red teamers, obfuscating command-line arguments masquerades what the goal of the command is, and may bypass detection mechanisms and fool security analysts. As a security professional, you may therefore use this tool to test your resilience against command-line obfuscations, for example by validating whether your detections work when command-line arguments are obfuscated.

    The obfuscated command did not work, what do I do?

    Command lines generated by ArgFuscator sometimes may not work as expected; one reason for this may be that the targeted program may have been updated since the obfuscation options were originally determined. Another reason may be that the obfuscation model created for ArgFuscator was incorrect. Command lines are complicated as every program has their own way of parsing and interpreting the provided arguments; we may therefore get small things wrong. If you believe this is the case, please raise an issue on ArgFuscator's GitHub repository so this can be looked into.