Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Dynamic Executables via .NET with Hostess' DotNetAvBypass #701
This pull request adds the following end user functionality:
Changes in lib allow for cleaner execution of powershell scripts, along with greedy cleanup. Added core methods for generating .NET compiler scripts and powershell .NET elevators (to load different .NET CLR versions into the shell).
At present, the generated payloads pass VT with 0/43 hits. Once in trunk these binaries will be flagged pretty quickly, but additional obfuscation is possible and we request that programmatic obfuscation methods be submitted for pull request. I've not yet found a reasonable way to parse and obfuscate c#/vb.net with ruby or powershell, so suggestions are welcome.