mitre-attack / attack-arsenal

A collection of red team and adversary emulation resources developed and released by MITRE.
Apache License 2.0

DLL payload generation step #15

Closed: mark777t closed this issue 3 years ago

mark777t commented 3 years ago

In the payload preparations: Generate DLL payload, then on a separate Windows host: [CMD] > certutil -encode [file].dll blob

Is this DLL from the posh2? If yes, there are multiple DLL files in the posh2 payloads. Which one should I use?

jcwilliamsATmitre commented 3 years ago

Hey @mark777t!

We tried to keep the instructions generic in case you were using another C2, but yeah, you can just use the generated PoshC2 DLL payloads. In terms of our plan it really doesn't matter which DLL you choose (but check out the .NET version compatibility on your victim), but fwiw we used Sharp_v4_x64.dll.

mark777t commented 3 years ago

Thank you for the quick response!