Note: This article is for educational purposes only. Please do not do illegal things. Any illegal acts you cause, dancylove will not be responsible for all those acts
1. InvokeStealth – Tool to help hackers bypass Anti-Virus
Invoke-Stealth is a tool to obfuscate, compress, encrypt, and transform the contents, variables, and strings of code written in PowerShell. This tool helps you to automate the decryption process of any file with different techniques. Not only that, this tool is written in Powershell language and made by author JoelGM. Thus, hackers can easily use beautiful viruses with the .ps1 extension to hack into your computer. Not only that, the method is very simple, just type a few sentences on the Terminal and you can change your own Virus. But before that, I will talk about the main functions of Invoke-Stealth.
The main function of Invoke-Stealth helps you Bypass Antivirus or encrypt code:
- Chimera: Replace strings and concatenate variables
- BetterXencyprt: Compression and encryption with random iterations
- PyFuscation: Obfuscate functions, variables, and parameters
- PSObfuscation: convert content to Byte and encode with Gzip
- ReverseB64: encode with base64 and reverse to avoid detection
2. Install and Use Invoke-Stealth to Bypass AntiVirus
To install, open Terminal and enter the following command:
sudo apt install powershell
git clone https://github.com/JoelGMSec/Invoke-Stealth.git
As for the installation on Windows, download the PowerShell language here, then open cmd and enter the following command:
powershell iwr -useb https://darkbyte.net/invoke-stealth.php -outfile Invoke-Stealth.ps1
Note: -outfile you can edit the path to download. For example, if you want to download Invoke-Stealth to the Downloads folder, enter the following: powershell iwr -useb https://darkbyte.net/invoke-stealth.php -outfile C:\Downloads\Invoke-Stealth.ps1
To Bypass Antivirus, I will do the following:
Here I have prepared a BackDoor script written in PowerShell language to test ^^
And I put this file on the virustotal website to scan. So the virus.ps1 file that I just created has been detected as having a virus. If you run this file on your own machine, Windows Defender will eat it immediately. So I will switch to the Invoke-Stealth tool as I introduced above to transform the virus :V. Sounds like a virus genetic modification =)
Here I have modified the virus.ps1 file with the function of replacing strings and variables as I said in the function section. The structure of the command is as follows: pwsh Invoke-Stealth.ps1 <filename .ps1> -technique <function>
After it finished, my virus.ps1 file was mutated as shown in the picture. Now I will try another function and see if it works, then I will try to see if it has Bypass AntiVirus. It looks so confusing :))
I will try the function of obfuscation of variables, functions and parameters!
Thus, my virus.ps1 file has changed into a different type of code. Now scan the virus to see if it has Bypass AntiVirus.
Wow, already Bypass AntiVirus successfully. This way hackers can easily take control of your computer or do anything on your computer!
The article is over so far, I hope you learn something from this article, and I also hope you don’t commit illegal acts, instead, you should study how to prevent and improve the quality of life. Safe and secure for users. Bye Bye ! Have a good day !