Skip to content
This repository has been archived by the owner on Mar 20, 2024. It is now read-only.

mez-0/InMemoryNET

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits

InMemoryNET

InMemoryNET

 
 

images

images

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

  1. Reach out to a URL
  2. Download a file to a buffer
  3. Execute via CLR

Referenced projects:

  1. HostingCLR
  2. metasploit-execute-assembly
  3. Hiding your .NET - ETW

Example:

 ~ InMemoryNET ~
InMemoryNET.exe <url> <assembly args>

About

Exploring in-memory execution of .NET

mez0.cc

Topics

cpp assembly clr winhttp net cobalt-strike red-team amsi execute-assembly unmanaged-code

Resources

Readme

License

MIT license
Activity

Stars

130 stars

Watchers

5 watching

Forks

26 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages