red-team

.NET Reflection and Disposable AppDomains

Disclaimer: I didn’t come up with any of the methods or techniques described in this post. I merely glued other people’s work together – like Sharknado and Final Fantasy VIII’s Gunblade, only better. The premise of this post is to better conceal reflection and Assembly.Load() tradecraft in

cobalt-strike

Cobalt Strike Spawn & Tunnel

Cobalt Strike 4.2 introduced a new set of “spawn and tunnel” commands called spunnel and spunnel_local. Shortly after release, Raphael Mudge published a blog post entitled Core Impact and Cobalt Strike Interoperability, in which he details how these can be used to tunnel Core Impact’s agent through