Invisi-Shell – Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)


Hide your PowerShell script in plain sight! Invisi-Shell bypasses all of PowerShell's security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .NET assemblies. The hook is performed via the CLR Profiler API.

Work In Progress

This is still a preliminary version intended as a POC. The code works only on x64 processes and has been tested against PowerShell V5.1.

Usage

  • Copy the compiled InvisiShellProfiler.dll from the /x64/Release/ folder, together with the 2 batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat), to the same folder.
  • Run one of the batch files (which one depends on whether you have local admin privileges or not).
  • A PowerShell console will start. Exit PowerShell using the exit command (DON’T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.
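
For defenders, the loading step is the observable part: the CLR loads a startup profiler only when the standard .NET profiler environment variables are set. The PowerShell audit below is an added example, not part of Invisi-Shell or the original post; the variable names are the documented .NET ones (this page does not list them) and the function names are hypothetical.

```powershell
# Added example (not Invisi-Shell code): audit CLR profiler registration.
# Assumption: the standard .NET profiler variables are relevant; the page does not name them.
$ProfilerVars = 'COR_ENABLE_PROFILING', 'COR_PROFILER', 'COR_PROFILER_PATH',
                'CORECLR_ENABLE_PROFILING', 'CORECLR_PROFILER', 'CORECLR_PROFILER_PATH'

function Resolve-ProfilerDll {
    param([string]$Clsid)
    if (-not $Clsid) { return }
    # Without a *_PROFILER_PATH value the CLSID is resolved through COM registration.
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') {
        $key = Join-Path (Join-Path $root $Clsid) 'InprocServer32'
        if (Test-Path -LiteralPath $key) {
            return (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
}

function New-ProfilerFinding {
    param([string]$Scope, [string]$Name, [string]$Value)
    # Only the CLSID variables (COR_PROFILER, CORECLR_PROFILER) are resolved to a DLL.
    $dll = if ($Name -like '*_PROFILER') { Resolve-ProfilerDll -Clsid $Value }
    [pscustomobject]@{ Scope = $Scope; Name = $Name; Value = $Value; RegisteredDll = $dll }
}

function Get-ProfilerFinding {
    # Persistent environment: per-user (writable without admin) and machine-wide.
    $scopes = [ordered]@{
        User    = 'HKCU:\Environment'
        Machine = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    }
    foreach ($scope in $scopes.GetEnumerator()) {
        $props = Get-ItemProperty -LiteralPath $scope.Value -ErrorAction SilentlyContinue
        foreach ($name in $ProfilerVars) {
            if ($props -and $props.PSObject.Properties[$name]) {
                New-ProfilerFinding -Scope $scope.Key -Name $name -Value $props.$name
            }
        }
    }
    # Environment inherited by this session, for example from a launcher script.
    foreach ($name in $ProfilerVars) {
        $value = [Environment]::GetEnvironmentVariable($name, 'Process')
        if ($value) { New-ProfilerFinding -Scope 'Process' -Name $name -Value $value }
    }
}

$findings = @(Get-ProfilerFinding)
if ($findings.Count -eq 0) { 'No CLR profiler variables found.' } else { $findings | Format-List }
```

Legitimate APM and profiling agents set the same variables, so compare each Value and RegisteredDll against software you expect on the host. The Process scope reflects only the session in which the script runs.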

Compilation

The project was created with Visual Studio 2013. You should install the Windows Platform SDK to compile it properly.

Detailed Description

Credits

  • CorProfiler by .NET Foundation
  • Eyal Ne’emany
  • Guy Franco
  • Ephraim Neuberger
  • Yossi Sassi
  • Omer Yair
