Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
This repository was archived by the owner on Mar 20, 2024. It is now read-only.

mez-0/InMemoryNET

BranchesTags
Open more actions menu

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
14 Commits
InMemoryNET
InMemoryNET
 
 
images
images
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

  1. Reach out to a URL
  2. Download a file to a buffer
  3. Execute via CLR

Referenced projects:

  1. HostingCLR
  2. metasploit-execute-assembly
  3. Hiding your .NET - ETW

Example:

 ~ InMemoryNET ~
InMemoryNET.exe <url> <assembly args>

About

Exploring in-memory execution of .NET

mez0.cc

Topics

cpp assembly clr winhttp net cobalt-strike red-team amsi execute-assembly unmanaged-code

Resources

Readme

License

MIT license
Activity

Stars

140 stars

Watchers

1 watching

Forks

26 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages
Morty Proxy This is a proxified and sanitized view of the page, visit original site.