More and more C# usage and tools collection (http://www.harmj0y.net/blog/redteaming/ghostpack/)

Some related links :

https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

http://www.harmj0y.net/blog/redteaming/ghostpack/

https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc

https://www.fortynorthsecurity.com/microsoft-workflow-compiler-exe-veil-and-cobalt-strike/

https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/

https://zeltser.com/fileless-malware-beyond-buzzword/

https://docs.microsoft.com/en-us/dotnet/api/microsoft.csharp.csharpcodeprovider?view=netframework-4.7.2

 

 

Advertisements