{
	"id": "b2b64480-68b8-4ec3-a2d9-bc5f0b66f298",
	"created_at": "2026-04-06T01:29:38.245613Z",
	"updated_at": "2026-04-10T03:21:47.680804Z",
	"deleted_at": null,
	"sha1_hash": "f7cf95757150c60033c80d3cbe5c1ca912315cd1",
	"title": "GitHub - OmerYa/Invisi-Shell: Hide your Powershell script in plain sight. Bypass all Powershell security features",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37128,
	"plain_text": "GitHub - OmerYa/Invisi-Shell: Hide your Powershell script in\r\nplain sight. Bypass all Powershell security features\r\nBy OmerYa\r\nArchived: 2026-04-06 01:14:51 UTC\r\nHide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock\r\nlogging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR\r\nProfiler API.\r\nWork In Progress\r\nThis is still a preliminary version intended as a POC. The code works only on x64 processes and tested against\r\nPowershell V5.1.\r\nUsage\r\nCopy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root\r\ndirectory (RunWithPathAsAdmin.bat \u0026 RunWithRegistryNonAdmin.bat) to the same folder.\r\nRun either of the batch files (depends if you have local admin privelledges or not)\r\nPowershell console will run. Exit the powershell using the exit command (DON'T CLOSE THE\r\nWINDOW) to allow the batch file to perform proper cleanup.\r\nCompilation\r\nProject was created with Visual Studio 2013. You should install Windows Platform SDK to compile it properly.\r\nDetailed Description\r\nMore info can be found on the DerbyCon presentation by Omer Yair (October, 2018).\r\nCredits\r\nCorProfiler by .NET Foundation\r\nEyal Ne'emany\r\nGuy Franco\r\nEphraim Neuberger\r\nYossi Sassi\r\nOmer Yair\r\nhttps://github.com/OmerYa/Invisi-Shell\r\nPage 1 of 2\n\nSource: https://github.com/OmerYa/Invisi-Shell\r\nhttps://github.com/OmerYa/Invisi-Shell\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/OmerYa/Invisi-Shell"
	],
	"report_names": [
		"Invisi-Shell"
	],
	"threat_actors": [],
	"ts_created_at": 1775438978,
	"ts_updated_at": 1775791307,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f7cf95757150c60033c80d3cbe5c1ca912315cd1.pdf",
		"text": "https://archive.orkl.eu/f7cf95757150c60033c80d3cbe5c1ca912315cd1.txt",
		"img": "https://archive.orkl.eu/f7cf95757150c60033c80d3cbe5c1ca912315cd1.jpg"
	}
}