daddycocoaman
commented
5 years ago Documenting for progress. x86 code works. Just gotta figure out why x64 crashes in a random spot.
Open byt3bl33d3r opened 5 years ago
daddycocoaman
commented
5 years ago Documenting for progress. x86 code works. Just gotta figure out why x64 crashes in a random spot.
Currently, the Mimikatz module embeds a custom version of SharpSploit to load and execute the Mimikatz DLLs in memory (it's just calling Assembly.Load() on it). From an Opsec perspective this sucks cause it's a static assembly, doesn't get dynamically compiled on the endpoint and it's just another thing AMSI can trigger on in .NET 4.8.
Ideally I would LOVE to port over the SharpSploit PE Loading code to Boolang so this entire issue goes away but it's def not trivial and is going to require a decent amount of time.