Invisi-Shell: Bypass all Powershell security features

Invisi-Shell

Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.

Download

git clone https://github.com/OmerYa/Invisi-Shell.git

Compilation

Project was created with Visual Studio 2013. You should install the Windows Platform SDK to compile it properly.

Use

  • Copy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder.
  • Run either of the batch files (depends if you have local admin privileges or not)
  • Powershell console will run. Exit the powershell using the exit command (DON’T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.

Demo

Copyright (c) 2018 Javelin Networks

Copyright (c) 2016 .NET Foundation

Source: https://github.com/OmerYa/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services