逆向破解>> InMemoryNET>> 返回
项目作者: mez-0

项目描述 :
Exploring in-memory execution of .NET
高级语言: C++
项目地址: git://github.com/mez-0/InMemoryNET.git
创建时间: 2020-09-24T20:09:56Z
项目社区:https://github.com/mez-0/InMemoryNET
开源协议:MIT License
下载


InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

  1. Reach out to a URL
  2. Download a file to a buffer
  3. Execute via CLR

Referenced projects:

  1. HostingCLR
  2. metasploit-execute-assembly
  3. Hiding your .NET - ETW

Example:

  1.  ~ InMemoryNET ~
  2. InMemoryNET.exe <url> <assembly args>