Setup Obfuscation Tactic for EDRHunt constants. Garble, GoObfuscate fails to work properly.

Question

Setup Obfuscation Tactic for EDRHunt constants. Garble, GoObfuscate fails to work properly.

achilles4828 opened this issue 3 years ago · 1 comments

Tried using garble and gobfuscate to obfuscate string constants to prevent detections.

garble

Compiles successfully with the -literals flag but EDRHunt fails to find correct system data somehow? As garble is obfuscating strings of all the dependencies it might happen that one of the libraries strings might be getting incorrectly obfuscated? Not sure.

Answer 1 · 2021-10-09T13:57:54.000Z

Fixed by using go install mvdan.cc/garble@master instead of go install mvdan.cc/garble@latest.