Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OmerYa/Invisi-Shell
Hide your Powershell script in plain sight. Bypass all Powershell security features
https://github.com/OmerYa/Invisi-Shell
Last synced: 22 days ago
JSON representation
Hide your Powershell script in plain sight. Bypass all Powershell security features
- Host: GitHub
- URL: https://github.com/OmerYa/Invisi-Shell
- Owner: OmerYa
- License: mit
- Created: 2018-10-14T23:32:56.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-08-19T19:55:19.000Z (over 5 years ago)
- Last Synced: 2024-11-19T22:50:11.392Z (23 days ago)
- Language: C++
- Size: 89.8 KB
- Stars: 1,105
- Watchers: 42
- Forks: 156
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - OmerYa/Invisi-Shell - Hide your Powershell script in plain sight. Bypass all Powershell security features (C++)
README
# Invisi-Shell
Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.# Work In Progress
This is still a preliminary version intended as a POC. The code works only on x64 processes and tested against Powershell V5.1.# Usage
- Copy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder.
- Run either of the batch files (depends if you have local admin privelledges or not)
- Powershell console will run. Exit the powershell using the exit command (DON'T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.# Compilation
Project was created with Visual Studio 2013. You should install Windows Platform SDK to compile it properly.# Detailed Description
More info can be found on the [DerbyCon presentation](http://www.irongeek.com/i.php?page=videos/derbycon8/track-3-15-goodbye-obfuscation-hello-invisi-shell-hiding-your-powershell-script-in-plain-sight-omer-yair) by Omer Yair (October, 2018).# Credits
- CorProfiler by .NET Foundation
- Eyal Ne'emany
- Guy Franco
- Ephraim Neuberger
- Yossi Sassi
- Omer Yair