Cyber security

InvisibilityCloak – A Game-Changer In C# Post-Exploitation Tools

Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio project.

  • Change the tool name
  • Change the project GUID
  • Obfuscate compatible strings in source code files based on obfuscation method entered by user
  • Removes one-line comments (e.g. // this is a comment)
  • Remove PDB string option for compiled release .NET assembly

Blog Post

String Candidates Not Obfuscated

The below string candidates are not included in obfuscation

  • Strings less than 3 characters
  • Strings using string interpolation (e.g., Console.WriteLine($"Hello, {name}! Today is {date.DayOfWeek}, it's {date:HH:mm} now.");)
  • Case statements as they need to be static values
  • Const vars as they need to be static values
  • Strings in method signatures as they need to be static values
  • Line with " => " as used in switch statement and needs to be static value.
  • is in an if statement when doing comparison as the values compared must be static
  • Strings within Regexes
  • Override strings as they need to be static values
  • The below random edge cases for strings, as they have caused issues when encoding/decoding
    • String starting with or ending with '
    • ""' in the line
    • + @" in the line
    • """ in the line
    • "" in the line
    • Encoding.Unicode.GetString in the line
    • Encoding.Unicode.GetBytes in the line
    • Encoding.ASCII.GetBytes in the line
    • Line starting with " and ending with ")]. This is typically used for command line switches and needs to be static value.

Support Information

  • Windows
  • Linux (Debian-based systems)
  • Python3

Arguments/Options

  • -d, --directory – directory where your visual studio project is located
  • -m, --method – obfuscation method (base64, rot13, reverse)
  • -n, --name – name of your new tool
  • -h, --help – help menu
  • --version – get version of tool

Usage/Examples

Run InvisibilityCloak With String Obfuscation

Base64 String Obfuscation

python InvisibilityCloak.py -d /path/to/project -n "TotallyLegitTool" -m base64

python InvisibilityCloak.py -d C:\path\to\project -n "TotallyLegitTool" -m base64

ROT13 String Obfuscation

python InvisibilityCloak.py -d /path/to/project -n "TotallyLegitTool" -m rot13

python InvisibilityCloak.py -d C:\path\to\project -n "TotallyLegitTool" -m rot13

Reverse String Obfuscation

python InvisibilityCloak.py -d /path/to/project -n "TotallyLegitTool" -m reverse

python InvisibilityCloak.py -d C:\path\to\project -n "TotallyLegitTool" -m reverse

Run InvisibilityCloak Without String Obfuscation

python InvisibilityCloak.py -d /path/to/project -n "TotallyLegitTool"

python InvisibilityCloak.py -d C:\path\to\project -n "TotallyLegitTool"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

6 days ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

7 days ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

7 days ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

7 days ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago