mez-0/InMemoryNET mez-0/InMemoryNET

  • Stars
    star
    129
  • Rank 277,603 (Top 6 %)
  • Language
    C++
  • License
    MIT License
  • Created almost 4 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mez-0/InMemoryNET
github

mez-0

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Exploring in-memory execution of .NET

InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

  1. Reach out to a URL
  2. Download a file to a buffer
  3. Execute via CLR

Referenced projects:

  1. HostingCLR
  2. metasploit-execute-assembly
  3. Hiding your .NET - ETW

Example:

 ~ InMemoryNET ~
InMemoryNET.exe <url> <assembly args>

More Repositories

1

MS17-010-Python

MS17-010: Python and Meterpreter
Python
353
star
2

CSharpWinRM

.NET 4.0 WinRM API Command Execution
C#
160
star
3

winrmdll

C++ WinRM API via Reflective DLL
C++
138
star
4

MoveScheduler

.NET 4.0 Scheduled Job Lateral Movement
C#
83
star
5

DecryptRDCManager

.NET 4.0 Remote Desktop Manager Password Gatherer
C#
71
star
6

pantry

"Its probably in the pantry"
C#
29
star
7

YaraEngine

A C++ Yara Rule Runner
C++
12
star
8

NTAPI-FNV

Resolve NTAPI Functions from the Export Table with FNV Hashing.
C++
8
star
9

cis-benchmarks

CIS Benchmarks as of 20/05/2020
3
star