InMemoryNET

This project is entirely a POC, it was my research into looking at how execute-assembly works within Cobalt Strike.

I originally wrote this about two years ago, but I felt I needed to update to download file remotely in order to test In-Process Patchless AMSI Bypass from EthicalChaos. Albeit, this project does NOT contain that POC.

InMemoryNET will:

1. Reach out to a URL
2. Download a file to a buffer
3. Execute via CLR

Referenced projects:

1. HostingCLR
2. metasploit-execute-assembly
3. Hiding your .NET - ETW

Example:

 ~ InMemoryNET ~
InMemoryNET.exe