# .NET In-Memory Assembly

## Theory

* <https://www.ired.team/offensive-security/code-injection-process-injection/injecting-and-executing-.net-assemblies-to-unmanaged-process>
* <https://0xpat.github.io/Malware_development_part_9/>
* <https://blog.ropnop.com/hosting-clr-in-golang/>
* <https://lsecqt.github.io/Red-Teaming-Army/malware-development/executing-csharp-assemblies-from-c-code/>

### Embedding Mono

* <https://www.mono-project.com/docs/advanced/embedding/>
* <https://medium.com/@lewiscomstive/how-to-embed-c-scripting-into-your-c-application-782b2e57245a>

## CLR customizations

* <https://securityintelligence.com/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft/>
* <https://github.com/xforcered/Being-A-Good-CLR-Host>

## PowerShell in C

* <https://blog.scrt.ch/2025/02/18/reinventing-powershell-in-c-c/>
* <https://github.com/scrt/PowerChell>

## Tools

* <https://github.com/etormadiv/HostingCLR>
* <https://github.com/3gstudent/Homework-of-C-Language/blob/master/HostingCLR_with_arguments_XOR.cpp>
* <https://github.com/mez-0/InMemoryNET>
* <https://github.com/b4rtik/metasploit-execute-assembly>
* <https://github.com/med0x2e/ExecuteAssembly>
* <https://github.com/anthemtotheego/InlineExecute-Assembly>
* <https://github.com/kyleavery/inject-assembly>
* <https://github.com/NtDallas/sharp-execute>
* <https://github.com/VoldeSec/PatchlessCLRLoader>
* <https://github.com/VoldeSec/PatchlessInlineExecute-Assembly>
* <https://github.com/racoten/BetterNetLoader>
* <https://github.com/EricEsquivel/Inline-EA>
* <https://github.com/NtDallas/MemLoader>
* <https://github.com/ofasgard/execute-assembly-pico>
* <https://github.com/entropy-z/PostEx-Arsenal/blob/master/Shellcode/Dotnet>
* <https://github.com/NtDallas/BOF_ExecuteAssembly>

### CLRvoyance

* <https://github.com/Accenture/CLRvoyance>
* <https://github.com/kyleavery/ThirdEye>
* <https://web.archive.org/web/20230601160135/https://www.accenture.com/us-en/blogs/cyber-defense/clrvoyance-loading-managed-code-into-unmanaged-processes>
* [https://github.com/moom825/CsharpRootkit/blob/main/64bit\_inject\_csharp\_run.asm](https://github.com/moom825/CsharpRootkit/blob/main/64bit%20inject%20c%23%20run.asm)