I created custom programs/binaries for my engagements. Most of them were written during my engagement period, and I will share some of them here for educational purposes.
I originally published this article on Medium (https://nyameeeain.medium.com/web-download-cradle-with-amsi-patching-without-powershell-exe-225c31f06e25). I implemented AMSI patching techniques within a C# program in order to bypass AMSI in the .NET runtime. Once AMSI is patched, a PowerShell script is downloaded from GitHub.
The Command Runner program sequentially conducts local and network enumeration (e.g., services, network interfaces, and local host enumeration). Output is written to the Public folder with a timestamp for each command, and each command is mapped to the corresponding MITRE ATT&CK ID for reporting purposes.
This program creates a local user and adds them to the local administrator group.
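The behaviour just described (a new local user immediately placed in the local Administrators group) is also a useful detection pattern. The following Python snippet is added here as an example and is not part of the original post or of the tooling it describes: it correlates Windows Security event 4720 (user account created) with a later 4732 (member added to a security-enabled local group) for the Administrators group inside a short time window. The event records are constructed samples, and the flat field names (`subject`, `target`, `member`, `group`) are a simplification of the real event XML.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). 4720 = user account created,
# 4732 = member added to a security-enabled local group.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T09:00:00", "event_id": 4720, "subject": "CORP\\operator",
     "target": "svc_backup"},
    {"time": "2024-03-01T09:00:04", "event_id": 4732, "subject": "CORP\\operator",
     "member": "svc_backup", "group": "Administrators"},
    # benign helpdesk flow: new user, but only added to a non-privileged group
    {"time": "2024-03-01T09:30:00", "event_id": 4720, "subject": "CORP\\helpdesk",
     "target": "jsmith"},
    {"time": "2024-03-01T09:31:00", "event_id": 4732, "subject": "CORP\\helpdesk",
     "member": "jsmith", "group": "Remote Desktop Users"},
    # pre-existing account promoted: no matching 4720, so this rule stays silent
    {"time": "2024-03-01T11:00:00", "event_id": 4732, "subject": "CORP\\admin",
     "member": "existing_user", "group": "Administrators"},
    # creation and promotion an hour apart: outside the default 5-minute window
    {"time": "2024-03-01T12:00:00", "event_id": 4720, "subject": "CORP\\operator",
     "target": "svc_late"},
    {"time": "2024-03-01T13:00:00", "event_id": 4732, "subject": "CORP\\operator",
     "member": "svc_late", "group": "Administrators"},
]

# Local groups whose membership grants administrative control.
PRIVILEGED_GROUPS = {"Administrators"}

# MITRE ATT&CK technique for creating a local account (T1136.001).
TECHNIQUE_ID = "T1136.001"


def parse_time(value):
    """Parse the ISO-8601 timestamp used in the sample records."""
    return datetime.fromisoformat(value)


def detect_new_local_admins(events, window=timedelta(minutes=5)):
    """Return one alert per account that was created (4720) and then added to a
    privileged local group (4732) within `window` of its creation."""
    created = {}   # account name -> (creation time, creating subject)
    alerts = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        ts = parse_time(ev["time"])
        if ev["event_id"] == 4720:
            created[ev["target"]] = (ts, ev["subject"])
        elif ev["event_id"] == 4732 and ev.get("group") in PRIVILEGED_GROUPS:
            hit = created.get(ev["member"])
            if hit is None:
                continue            # account predates our view; a different rule's job
            created_at, creator = hit
            if ts - created_at <= window:
                alerts.append({
                    "account": ev["member"],
                    "created_by": creator,
                    "promoted_by": ev["subject"],
                    "group": ev["group"],
                    "delay_seconds": (ts - created_at).total_seconds(),
                    "technique": TECHNIQUE_ID,
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_new_local_admins(SAMPLE_EVENTS):
        print(alert)
```

With the default five-minute window only `svc_backup` is flagged; widening the window to an hour also catches `svc_late`, which is the usual tuning trade-off between catching slower operators and generating noise from legitimate provisioning.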
The following blog post was inspired by this PowerShell script: https://www.blazeinfosec.com/post/tearing-amsi-with-3-bytes/