-
-
[转帖]ExecuteAssembly - Load/Inject .NET Assemblies
-
发表于: 2021-2-7 14:25 7774
-
ExecuteAssembly - Load/Inject .NET Assemblies
ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs via superfasthash hashing algorithm.
https://www.kitploit.com/2021/02/executeassembly-loadinject-net.html
赞赏
他的文章
看原图
赞赏
雪币:
留言: