Skip to content

Instantly share code, notes, and snippets.

View matt-hensley's full-sized avatar

Matt Hensley matt-hensley

View GitHub Profile
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;
using System.Text;
using System.Threading.Tasks;
namespace DapperSample {
public static class StaticReflection {
public static string GetMemberName<T>(
@matt-hensley
matt-hensley / global.d.ts
Created August 25, 2017 15:48
Extend SVGElement to have dataset field
interface SVGElement {
readonly dataset: DOMStringMap;
}
@matt-hensley
matt-hensley / README.md
Created July 7, 2025 19:20 — forked from byt3bl33d3r/README.md
Remote AppDomainManager Injection

This is a variation of the technique originally discovered by subtee and described here

TL;DR It essentially allows you to turn any .NET application into a lolbin by providing a configuration file and specifying the <appDomainManagerAssembly> element pointing to a specially crafted .NET assembly which executes when the application is loaded.

This variation allows you to load the AppDomainManager assembly from a UNC path or HTTP(s) server. Also disables ETW thanks to the <etwEnable> element :)

  1. Copy some binary you love to say, C:\Test. Lets use aspnet_compiler.exe as an example
  2. Compile test.cs to test.dll with a signed strong name, this is required to load an assembly outside of a .NET applications base directory.
  3. Host test.dll on a remote SMB or HTTP(S) server