• Stars
    star
    129
  • Rank 279,262 (Top 6 %)
  • Language
    C++
  • License
    MIT License
  • Created about 4 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Exploring in-memory execution of .NET

InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

  1. Reach out to a URL
  2. Download a file to a buffer
  3. Execute via CLR

Referenced projects:

  1. HostingCLR
  2. metasploit-execute-assembly
  3. Hiding your .NET - ETW

Example:

 ~ InMemoryNET ~
InMemoryNET.exe <url> <assembly args>