Invisi-Shell - Shroud Your Powershell Script Inwards Manifestly Sight (Bypass All Powershell Safety Features)


Hide your powershell script inwards obviously sight! Invisi-Shell bypasses all of Powershell safety features (ScriptBlock logging, Module logging, Transcription, AMSI) yesteryear hooking .Net assemblies. The claw is performed via CLR Profiler API.

Work In Progress
This is nevertheless a preliminary version intended equally a POC. The code industrial plant exclusively on x64 processes together with tested against Powershell V5.1.

Usage
  • Copy the compiled InvisiShellProfiler.dll from /x64/Release/ folder alongside the ii batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder.
  • Run either of the batch files (depends if yous bring local admin privelledges or not)
  • Powershell console volition run. Exit the powershell using the leave of absence ascendance (DON'T CLOSE THE WINDOW) to permit the batch file to perform proper cleanup.

Compilation
Project was created alongside Visual Studio 2013. You should install Windows Platform SDK to compile it properly.

Detailed Description
More information tin mail away live on establish on the DerbyCon presentation yesteryear Omer Yair (October, 2018).

Credits
  • CorProfiler yesteryear .NET Foundation
  • Eyal Ne'emany
  • Guy Franco
  • Ephraim Neuberger
  • Yossi Sassi
  • Omer Yair


Popular posts from this blog

Efiguard - Disable Patchguard Together With Dse At Kicking Time

Osweep - Don't Simply Search Osint, Sweep It

Telekiller - A Tool Session Hijacking In Addition To Stealer Local Passcode Telegram Windows