Common Language Runtime: Part 3

January 22, 2021

A long time ago I started a series on looking into the CLR. Since that last post, I have adapted it massively and adopted it into a DLL. I didn't post it as I was actively using it. But now it's been quite documented, so I can throw this into the fire too.

Executing shellcode with Unsafe Native Methods in PowerShell

September 30, 2020

Executing shellcode within PowerShell isn't groundbreaking stuff, but I wanted to understand how Cobalt Strike managed it. This blog post is a look into how Cobalt Strike executes shellcode from PowerShell using the Unsafe Native Methods.

Common Language Runtime: Part 2

September 22, 2020

In my previous post, I explored the CLR briefly and wrote an on-disk implementation of execute-assembly. This bothered me because it's not very realistic, so in this post, I solved that problem and expanded the code to run .NET from memory whilst patching ETW and AMSI.

Common Language Runtime: Part 1

September 19, 2020

.NET assemblies are becoming, if they are not already, the preferable way to execute tooling during post-exploitation. In this post I wanted to look into what exactly the CLR is and how it operates (broadly). With that sorted, I moved into looking at how execute-assembly works and wrote an on-disk implementation.

Linky: Python3 LinkedIn Scraper

August 15, 2019

Linky is a Python3 LinkedIn scraper which can hit up to 1000 users per run. As of now, the validation works. However, over time it's likely Microsoft will stop it. But the goal of this project is to enumerate users from LinkedIn and validate them via O365. This post will document how to use it properly.