What is the purpose of this PR / why it is needed?
Adversaries can abuse the CLR search order to load the malicious assembly from a writable directory by simply following the assembly file naming conventions and ensuring the .NET LOBIN is executed with the right environment variables set.
What type of change does this PR introduce?
[x] New feature (non-breaking change which adds functionality)
Any specific area of the project related to this PR?
What is the purpose of this PR / why it is needed?
Adversaries can abuse the CLR search order to load the malicious assembly from a writable directory by simply following the assembly file naming conventions and ensuring the .NET LOBIN is executed with the right environment variables set.
What type of change does this PR introduce?
Any specific area of the project related to this PR?
Special notes for the reviewer:
Does this PR introduce a user-facing change?