NET

Codecepticon – .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code

13 Dec 2022 By hackergadgets

Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other obfuscators is that it targets the source code rather than the compiled executables, and was developed specifically for AV/EDR evasion. Codecepticon allowsRead More

Chisel-Strike – A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities

14 Aug 2022 By hackergadgets

A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write this? In my experience I found socks4/socks4a proxies quite slow in comparison to its socks5 counterparts and a lack of implementation of socks5 in most C2 frameworks. There is a C# wrapper around the goRead More

RogueAssemblyHunter – Rogue Assembly Hunter Is A Utility For Discovering ‘Interesting’ .NET CLR Modules In Running Processes

14 May 2022 By hackergadgets

[*] Rogue Assembly Hunter is a utility for discovering ‘interesting’ .NET CLR modules in running processes. Author: @bohops License: MIT Project: https://github.com/bohops/RogueAssemblyHunter Background .NET is a very powerful and capable development platform and runtime framework for building and running .NET managed applications. Over the last several years, .NET has been adopted by Red Teams (andRead More

Nimcrypt2 – .NET, PE, And Raw Shellcode Packer/Loader Written In Nim

27 Mar 2022 By hackergadgets

Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge those who did the VAST majorityRead More

Inject-Assembly – Inject .NET Assemblies Into An Existing Process

17 Jan 2022 By hackergadgets

This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are two components of inject-assembly: BOF initializer: A smallRead More

LACheck – Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration

10 Jan 2022 By hackergadgets

[*] Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query (if not ran on a domain-joined host) /domain – specify domain name (if not ran on a domain-joined host) /edr – check host for EDR (requires smb, rpc, or winrm) /logons – return logged on users on a host (requires smb,Read More

InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution

20 Sep 2021 By

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entry point of Main(string[] args) or Main(). This should allow you to run most releasedRead More

LoGiC.NET – A More Advanced Free And Open .NET Obfuscator Using Dnlib

28 Jul 2021 By

LoGiC.NET is a free and open-source .NET obfuscator that uses dnlib for folks that want to see how obfuscation works with more complex obfuscations than Goldfuscator for example. Before obfuscation After obfuscation Dependencies dnlib v3.3.2 : Restore NuGet packages and it’ll work (if it doesn’t already). SharpConfigParser : https://github.com/AnErrupTion/LoGiC.NET/raw/master/SharpConfigParser.dll Current Features Renames methods, parameters, properties,Read More

SharpSphere – .NET Project For Attacking vCenter

04 Mar 2021 By

SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter. It uses the vSphere Web Services API and exposes the following functions: Command & Control – In combination with F-Secure’s C3, SharpSphere provides C&C into VMs using VMware Tools, with no direct network connectivity toRead More

ExecuteAssembly – Load/Inject .NET Assemblies

07 Feb 2021 By

ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIsRead More

X