Hide your PowerShell script in plain sight! Invisi-Shell bypasses all of PowerShell's security measures (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .NET assemblies. The hook is performed via the CLR Profiler API.
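Because the CLR loads a profiler only when the process environment tells it to, that environment is a practical detection point for this class of hook. The following is an added example, not code from the Invisi-Shell project: it assumes the documented `COR_*` / `CORECLR_*` profiler variables, and the sample environments, CLSIDs, paths, severity labels and the `trusted_dirs` allow-list are constructed for illustration.

```python
"""Flag CLR profiler settings in a process environment (sample data is constructed)."""
import ntpath
import os

PREFIXES = ("COR", "CORECLR")  # .NET Framework and .NET Core variable families
PATH_SUFFIXES = ("_PROFILER_PATH", "_PROFILER_PATH_32", "_PROFILER_PATH_64")


def _norm(path):
    """Normalise a Windows path for comparison (case, slashes, quotes)."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def profiler_findings(env, trusted_dirs=()):
    """Return (severity, detail) tuples for one process's environment dict."""
    env = {k.upper(): v for k, v in env.items()}  # names are case-insensitive on Windows
    trusted = tuple(_norm(d).rstrip("\\") + "\\" for d in trusted_dirs)
    findings = []
    for prefix in PREFIXES:
        # Conservative: anything other than unset or "0" counts as enabled.
        if env.get(prefix + "_ENABLE_PROFILING", "").strip() in ("", "0"):
            continue
        clsid = env.get(prefix + "_PROFILER", "").strip() or "<no CLSID>"
        paths = [_norm(env[prefix + s]) for s in PATH_SUFFIXES if env.get(prefix + s)]
        if not paths:
            # No DLL path given: the CLSID is resolved through COM registration.
            findings.append(("review", f"{prefix}: {clsid} resolved via registry"))
        for p in paths:
            severity = "info" if p.startswith(trusted) else "high"
            findings.append((severity, f"{prefix}: {clsid} loads {p}"))
    return findings


# Constructed examples: allow-listed vendor directory and three process environments.
TRUSTED = [r"C:\Program Files\ExampleAPM"]
SAMPLES = {
    "powershell.exe": {"COR_ENABLE_PROFILING": "1",
                       "COR_PROFILER": "{00000000-0000-0000-0000-000000000001}",
                       "COR_PROFILER_PATH": r"C:\Users\alice\Downloads\example.dll"},
    "w3wp.exe": {"Cor_Enable_Profiling": "1",
                 "COR_PROFILER": "{00000000-0000-0000-0000-000000000002}",
                 "COR_PROFILER_PATH_64": r"C:\Program Files\ExampleAPM\agent64.dll"},
    "notepad.exe": {"PATH": r"C:\Windows\System32"},
}

if __name__ == "__main__":
    for name, env in {**SAMPLES, "this process": dict(os.environ)}.items():
        for severity, detail in profiler_findings(env, TRUSTED):
            print(f"[{severity}] {name}: {detail}")
```

The same function can be fed environment blocks collected by endpoint tooling; a "review" result means the profiler DLL has to be located through the CLSID's COM registration instead of a path variable.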
Work In Progress
This is still a preliminary version intended as a POC. The code works only on x64 processes and has been tested against PowerShell V5.1.
- Copy the compiled InvisiShellProfiler.dll from the /x64/Release/ folder, together with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat), to the same folder.
- Run either of the batch files (depending on whether you have local admin privileges or not).
- The PowerShell console will run. Exit PowerShell using the exit command (DON'T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.
The project was created with Visual Studio 2013. You should install the Windows Platform SDK to compile it properly.
- CorProfiler by .NET Foundation
- Eyal Ne’emany
- Guy Franco
- Ephraim Neuberger
- Yossi Sassi
- Omer Yair