Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/NVISOsecurity/DInvisibleRegistry

DInvisibleRegistry
https://github.com/NVISOsecurity/DInvisibleRegistry

Last synced: 22 days ago
JSON representation

DInvisibleRegistry

Host: GitHub
URL: https://github.com/NVISOsecurity/DInvisibleRegistry
Owner: NVISOsecurity
License: bsd-3-clause
Created: 2020-11-19T19:44:38.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2020-11-20T08:47:15.000Z (about 4 years ago)
Last Synced: 2024-08-04T17:09:01.302Z (4 months ago)
Language: C#
Size: 14.6 KB
Stars: 81
Watchers: 5
Forks: 11
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - NVISOsecurity/DInvisibleRegistry - DInvisibleRegistry (C# #)

README

        Details on why this poc was released can be found on the following blogpost: 

https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/

This PoC is just to showcase several cool functions of the Dynamic invocation library created as part of the Sharpsploit suite.

``` 

$$$$$$$\  $$\                     $$\           $$\ $$\       $$\           $$$$$$$\                      $$\             $$\

$$  __$$\ \__|                    \__|          \__|$$ |      $$ |          $$  __$$\                     \__|            $$ |

$$ |  $$ |$$\ $$$$$$$\ $$\    $$\ $$\  $$$$$$$\ $$\ $$$$$$$\  $$ | $$$$$$\  $$ |  $$ | $$$$$$\   $$$$$$\  $$\  $$$$$$$\ $$$$$$\    $$$$$$\  $$\   $$\

$$ |  $$ |$$ |$$  __$$\\$$\  $$  |$$ |$$  _____|$$ |$$  __$$\ $$ |$$  __$$\ $$$$$$$  |$$  __$$\ $$  __$$\ $$ |$$  _____|\_$$  _|  $$  __$$\ $$ |  $$ |

$$ |  $$ |$$ |$$ |  $$ |\$$\$$  / $$ |\$$$$$$\  $$ |$$ |  $$ |$$ |$$$$$$$$ |$$  __$$< $$$$$$$$ |$$ /  $$ |$$ |\$$$$$$\    $$ |    $$ |  \__|$$ |  $$ |

$$ |  $$ |$$ |$$ |  $$ | \$$$  /  $$ | \____$$\ $$ |$$ |  $$ |$$ |$$   ____|$$ |  $$ |$$   ____|$$ |  $$ |$$ | \____$$\   $$ |$$\ $$ |      $$ |  $$ |

$$$$$$$  |$$ |$$ |  $$ |  \$  /   $$ |$$$$$$$  |$$ |$$$$$$$  |$$ |\$$$$$$$\ $$ |  $$ |\$$$$$$$\ \$$$$$$$ |$$ |$$$$$$$  |  \$$$$  |$$ |      \$$$$$$$ |

\_______/ \__|\__|  \__|   \_/    \__|\_______/ \__|\_______/ \__| \_______|\__|  \__| \_______| \____$$ |\__|\_______/    \____/ \__|       \____$$ |

                                                                                                $$\   $$ |                                  $$\   $$ |

                                                                                                \$$$$$$  |                                  \$$$$$$  |

                                                                                                 \______/                                    \______/

Old meets new... Persistence is key....

Developed by @jean_maes_1994

 Usage:

  -n, --normal               Uses the regular DInvoke method

  -m, --manual, --manual-map Uses the manualmap method

  -o, --deception            uses the overload method for deception

  -?, --help                 Show Help

  -h, --reg-hide             hide the registry key using null byte magic

  -d, --del, --delreg        deletes given regkey

      --rh, --reg-hive=VALUE the registry hive you want to add a key to

                               (HKLM/HKCU)

      --rs, --reg-sub=VALUE  the subtree you want to open a handle to needs

                               to start with a \ ex. \SOFTWARE

      --rk, --reg-key=VALUE  the name of the registry key you want to write

      --rv, --rkv, --reg-value=VALUE

                             the value of the registry key you want to write

```