Invisi-Shell is a tool used to hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.

Invisi-Shell Usage

  • Copy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder.
  • Run either of the batch files (depends if you have local admin privelledges or not)
  • Powershell console will run. Exit the powershell using the exit command (DON’T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.

Also ReadRobber : Tool For Finding Executables Prone To DLL Hijacking


Project was created with Visual Studio 2013. You should install Windows Platform SDK to compile it properly.

Video Tutorial


This is still a preliminary version intended as a POC. The code works only on x64 processes and tested against Powershell V5.1

Credit: CorProfiler by .NET Foundation, Eyal Ne’emany, Guy Franco,Ephraim Neuberger, Yossi Sassi & Omer Yair