Skip to content

Instantly share code, notes, and snippets.

View matt-hensley's full-sized avatar

Matt Hensley matt-hensley

26 followers · 28 following
View GitHub Profile
@matt-hensley
matt-hensley / README.md
Created July 7, 2025 19:20 — forked from byt3bl33d3r/README.md
Remote AppDomainManager Injection

This is a variation of the technique originally discovered by subtee and described here

TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.

This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)

  1. Copy some binary you love to say, C:\Test. Lets use aspnet_compiler.exe as an example
  2. Compile test.cs to test.dll with a signed strong name, this is required to load an assembly outside of a .NET applications base directory.
  3. Host test.dll on a remote SMB or HTTP(S) server
@matt-hensley
matt-hensley / nginx init.d
Last active January 11, 2016 15:26 — forked from vdel26/nginx
#!/bin/sh
#
# chkconfig: 2345 55 25
# Description: Nginx init.d script, put in /etc/init.d, chmod +x /etc/init.d/nginx
# For Debian, run: update-rc.d -f nginx defaults
# For CentOS, run: chkconfig --add nginx
#
### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all