Assembly.Load causing detections

vril · 09.03.2023

Is it possible to refud this code? I commented this out of my stub and it was no longer detected. I am unsure how I could recode this. method.Invoke is causing 2 detections.

Код:

            var assembly = Assembly.Load(decryptedBytes);
            MethodInfo method = assembly.EntryPoint;
            method.Invoke(method, null);

Or should I move on and try to recode a runpe found on github?

DildoFagins · 09.03.2023

If the payload is detected at runtime, try bypassing AMSI. If the stub is detected at scantime try hide the Assembly.Load call by using reflection and encrypting string that are used in it.

vril · 09.03.2023

DildoFagins сказал(а):

If the payload is detected at runtime, try bypassing AMSI. If the stub is detected at scantime try hide the Assembly.Load call by using reflection and encrypting string that are used in it.

Can you please elaborate about hiding the call by using reflection? Any resources on learning how to do this? I asked chatgpt and it gave me code that did not run invoke properly and I did not understand the code. Do you have a telegram? I can pay you to teach me some simple things if u dont have the desire to do it for free.

DildoFagins · 09.03.2023

You can list assemblies that are loaded into the current appdomain, find one that has the type system.reflection.assembly, get the type object, find the correct load method in it by getting the methodinfo, then invoke it.

vril сказал(а):

I asked chatgpt

You should learn to code yourself instead of asking neural networks to code for you.

vril · 10.03.2023

DildoFagins сказал(а):

You can list assemblies that are loaded into the current appdomain, find one that has the type system.reflection.assembly, get the type object, find the correct load method in it by getting the methodinfo, then invoke it.

You should learn to code yourself instead of asking neural networks to code for you.

I normally do not use AI to write code for me. I asked this time since I do not understand it at all. I asked it to first explain what reflection in C# is and then give me a tutorial. Thank you for your help, I appreciate people like you.

sonxyz · 15.03.2023

DildoFagins сказал(а):

You can list assemblies that are loaded into the current appdomain, find one that has the type system.reflection.assembly, get the type object, find the correct load method in it by getting the methodinfo, then invoke it.

You should learn to code yourself instead of asking neural networks to code for you.

А можно как то тебе написать?

h1z1 · 27.03.2023

vril сказал(а):
Is it possible to refud this code? I commented this out of my stub and it was no longer detected. I am unsure how I could recode this. method.Invoke is causing 2 detections.
Код:
            var assembly = Assembly.Load(decryptedBytes);
            MethodInfo method = assembly.EntryPoint;
            method.Invoke(method, null);
Or should I move on and try to recode a runpe found on github?

Bypass Amsi and don't use public github source because will stay detected make you'r own amsi bypass i suggest to make it in c++

Iam realy thinking in create a tutorial on how to make a fud crypt

Assembly.Load causing detections

vril

CD-диск

DildoFagins

TPU unit

vril

CD-диск

DildoFagins

TPU unit

vril

CD-диск

sonxyz

RAID-массив

h1z1

ripper