Loads any C# binary in mem, patching AMSI and bypassing Windows Defender
The binaries in this repo SHOULD be all clean and newly compiled from their respective GitHub repos, but feel free to compile / host your own. (Don't consider running binaries from this repo good OPSEC) Code is designed to get binaries from a GitHub repo, so should be straight forward.
- Clone your own repo from this
- Change the url on line 13 in Program.cs
- Re-Compile / add your own binaries in /Binaries (Regex looks for .bin only!)
- Build and enjoy!
Changed because Defender added some signatures related to VS ressources. (Also just way simpler)
c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /t:exe /out:RandomName.exe Program.cs
Latest update / Signature fix was 16.05.2020, pretty much clean as a whistle Currently doing 24/7 signature checks, so let's see how long it takes this time
Credits to https://twitter.com/_RastaMouse for the AMSI bypass -> https://github.com/rasta-mouse/AmsiScanBufferBypass/blob/master/ASBBypass/Program.cs
Payload for MSBuild is in the repo (LOLBins) folder, might push this for varius other LOLBins aswell.
For 64 bit:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe NetLoader.xml
For 32 bit:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe NetLoader.xml
- Automate the build and release of many of the Sharp Tools so they automagically appear in /Binaries (CDI / Azure DevOps)
- Add support for non-interactive use (input args)
- Add support to run custom modules from your own URL or SMB Share (Great for on-the-fly Implant deployment)
- Add some missing stuff SharpSploit and SharpShell (Need to fix some deps)
- Propely confirm and test every current bin
- Add an working MSBuild XML payload for the LOLBins lovers (Myself included)
- Update with credits and links to the github repos that /Binaries are compiled from