Execute-Assembly
execute-assembly is a command that allows operators to run .NET assemblies directly in memory, without dropping them to disk. This makes it a powerful technique for executing malicious payloads stealthily, bypassing disk-based detection mechanisms such as antivirus (AV) and Endpoint Detection and Response (EDR) solutions.
Usage and Parameters
- Basic Syntax:

```bash
execute-assembly --path /path/to/assembly.exe [args]
```

- Running SharpHound for AD Recon:

```bash
execute-assembly --path /opt/tools/SharpHound.exe -- -c All
```
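Because the assembly never touches disk, detection has to come from in-memory telemetry. The following added example (not part of the original page or of any tool's code) flags processes that load the .NET runtime DLLs but are not on an allowlist of expected managed hosts. The event fields follow Sysmon Event ID 7 (image load); the allowlist and the sample events are constructed assumptions.

```python
# Added example: flag CLR loads in processes that are not expected .NET hosts.
# Events are constructed samples using Sysmon Event ID 7 (ImageLoad) field names.
from ntpath import basename  # parses Windows paths on any platform

# Core .NET Framework runtime modules loaded when managed code starts in a process.
CLR_MODULES = {"clr.dll", "clrjit.dll", "mscoree.dll"}

# Assumption: processes that legitimately host managed code in this environment.
EXPECTED_DOTNET_HOSTS = {"powershell.exe", "msbuild.exe", "w3wp.exe"}

NET_DIR = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\"
NOTEPAD = "C:\\Windows\\System32\\notepad.exe"
POWERSHELL = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

SAMPLE_EVENTS = [  # constructed, not taken from a real host
    {"EventID": 7, "ProcessId": 4120, "Image": NOTEPAD,
     "ImageLoaded": NET_DIR + "clr.dll"},
    {"EventID": 7, "ProcessId": 4120, "Image": NOTEPAD,
     "ImageLoaded": NET_DIR + "clrjit.dll"},
    {"EventID": 7, "ProcessId": 988, "Image": POWERSHELL,
     "ImageLoaded": NET_DIR + "clr.dll"},          # expected managed host
    {"EventID": 7, "ProcessId": 5512, "Image": NOTEPAD,
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},  # not a CLR module
    {"EventID": 1, "ProcessId": 4120, "Image": NOTEPAD},     # not an image load
]


def find_unexpected_clr_loads(events, expected_hosts=EXPECTED_DOTNET_HOSTS):
    """Return {(pid, image): sorted CLR modules} for hosts outside the allowlist."""
    hits = {}
    for ev in events:
        if ev.get("EventID") != 7:
            continue
        module = basename(ev.get("ImageLoaded", "")).lower()
        host = basename(ev.get("Image", "")).lower()
        if module in CLR_MODULES and host not in expected_hosts:
            hits.setdefault((ev["ProcessId"], ev["Image"]), set()).add(module)
    return {key: sorted(mods) for key, mods in hits.items()}


if __name__ == "__main__":
    for (pid, image), mods in find_unexpected_clr_loads(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={image} loaded {', '.join(mods)}")
```

The allowlist needs tuning per environment, since many legitimate applications host the CLR.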