
The Weekly Purple Team
6100 subscribers
2906 views ・ 89 likes ・ 2022/11/15
Getting Executables into Memory (Going Fileless)
Today I will show how to convert C# executables into PowerShell scripts and then use download cradles to put them directly into memory. This leaves no trace of the executable on disk and can slip by AV/EDR in many cases. We will take a look at PowerShell Armoury, ConvertToPS1, and Invoke-CradleCrafter.
PowerShell Armoury: github.com/cfalta/PowerShellArmoury
Invoke-CradleCrafter: github.com/danielbohannon/Invoke-CradleCrafter
PowerSharpPack: github.com/S3cur3Th1sSh1t/PowerSharpPack
Amsi.Fail: amsi.fail/
00:00 Introduction
01:20 PowerShell Armoury
02:32 ConvertTo-PowerShell
04:06 Running a Binary from PowerShell
04:50 How Binaries in PowerShell work
05:59 PowerSharpPack
06:56 Cradle Crafter
09:54 Loading an Armoury into Memory
12:00 Wrap Up