InvisibilityCloak: PoC obfuscation toolkit for C# post-exploitation tools
InvisibilityCloak
Proof-of-concept obfuscation toolkit for C# post-exploitation tools. This will perform the below actions for a C# visual studio project.
- Change the tool name
- Change the project GUID
- Obfuscate compatible strings in source code files based on the obfuscation method entered by a user
- Removes one-line comments (e.g. // this is a comment)
- Remove PDB string option for compiled release .NET assembly
String Candidates Not Obfuscated
The below string candidates are not included in the obfuscation
- Strings less than 3 characters
- Strings using string interpolation (e.g., Console.WriteLine($”Hello, {name}! Today is {date.DayOfWeek}, it’s {date:HH:mm} now.”);)
- Case statements as they need to be static values
- Const vars as they need to be static values
- Strings in method signatures as they need to be static values
- Strings within Regexes
- Override strings as they need to be static values
- The below random edge cases for strings, as they have caused issues when encoding/decoding
- String starting with or ending with
' ""'in the line+ @"in the line"""in the line
- String starting with or ending with
Support Information
- Windows
- Linux (Debian-based systems)
- Python3
Download
git clone https://github.com/h4wkst3r/InvisibilityCloak.git
Use
Below is the difference in Seatbelt between an unobfuscated and then obfuscated version with InvisibilityCloak against Microsoft Defender using Defender Check.
