Invoke-PSImage is a PowerShell utility that hides, extracts, and optionally executes PowerShell payloads inside image files using simple steganography techniques. It can embed a script or binary blob into an image (commonly PNG or JPEG) and later recover that payload without leaving a separate file on disk, enabling in-memory execution workflows. The tool offers options for compression and encryption so the embedded content is both smaller and protected by a passphrase when required. It includes helpers to encode a payload into an image, decode an embedded payload back to readable form, and run the extracted content directly from memory to avoid touching disk. Designed as a compact, single-file PowerShell script, it relies on .NET imaging APIs to manipulate pixel data or metadata and to store the payload in a way that survives ordinary file transfers. Because the project enables hiding and executing code, it’s a dual-use toolkit: useful for red-team exercises, defensive steganography d
Features
- Embed PowerShell scripts or binary payloads into PNG/JPEG images using LSB or metadata techniques
- Optional compression of the payload before embedding to reduce image size overhead
- AES/passphrase encryption of the embedded payload to protect contents in transit
- Extraction routine that recovers the payload and can output to disk or to standard output
- In-memory execution mode that decodes and runs the payload without writing an unencrypted file to disk
- Simple CLI switches and single-file PowerShell implementation for quick use in red/blue team labs
Project Samples
