Getting Executables into Memory (Going Fileless)

Nov 15, 2022
12:51

Today I will show how to convert C# executables into PowerShell scripts and then use download cradles to put them directly into memory. This leaves no trace of the executable on disk and can slip by AV/EDR in many cases. We will take a look at PowerShell Armoury, ConvertToPS1, and Invoke-CradleCrafter.

PowerShell Armoury: https://github.com/cfalta/PowerShellArmoury
Invoke-CradleCrafter: https://github.com/danielbohannon/Invoke-CradleCrafter
PowerSharpPack: https://github.com/S3cur3Th1sSh1t/PowerSharpPack
Amsi.Fail: https://amsi.fail

00:00 Introduction
01:20 PowerShell Armoury
02:32 ConvertTo-PowerShell
04:06 Running a Binary from PowerShell
04:50 How Binaries in PowerShell work
05:59 PowerSharpPack
06:56 Cradle Crafter
09:54 Loading an Armoury into Memory
12:00 Wrap Up
