diff options
| author | heqnx <root@heqnx.com> | 2025-06-03 23:28:57 +0300 |
|---|---|---|
| committer | heqnx <root@heqnx.com> | 2025-06-03 23:28:57 +0300 |
| commit | 2970d564b506d6adb230a9430eabac5e868e8fbe (patch) | |
| tree | 7d498adeaaeef5124463367735990af50070d383 | |
| parent | 8dfccb20f6d33d7996ed3395e0efd7e366a3210b (diff) | |
| download | SharpAMSIGhosting-2970d564b506d6adb230a9430eabac5e868e8fbe.tar.gz SharpAMSIGhosting-2970d564b506d6adb230a9430eabac5e868e8fbe.zip | |
updated README
| -rw-r--r-- | README.md | 12 |
1 files changed, 3 insertions, 9 deletions
@@ -22,14 +22,14 @@ Additional resources and contributions by Andrea Bocchetti can be found on [Pack - **Visual Studio or MSBuild**: For compiling the C# source code. - **Git**: To clone the repository. - **Windows**: Compatible with Windows 10/11 -- **Reflective Loader**: A tool like [`go-assembly-ldr`](https://github.com/heqnx/go-assembly-ldr) or Cobalt Strike to load the assembly reflectively. +- **Reflective Loader**: A tool like [`go-assembly-ldr`](https://cgit.heqnx.com/go-assembly-ldr) or Cobalt Strike to load the assembly reflectively. ### Steps - Clone the repository: ``` -PS C:\> git clone https://github.com/heqnx/SharpAMSIGhosting.git +PS C:\> git clone https://cgit.heqnx.com/SharpAMSIGhosting PS C:\> cd SharpAMSIGhosting ``` @@ -46,7 +46,7 @@ PS C:\> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe SharpAMSIGho The `SharpAMSIGhosting` code must be executed as a reflective assembly to function correctly. This typically involves: 1. Compiling the C# code into an executable or DLL. -2. Using a reflective loader (e.g., PowerShell, MSBuild, or InstallUtil loader from [`go-assembly-ldr`](https://github.com/heqnx/go-assembly-ldr), or `execute-assembly` from CS) to inject the assembly into memory. +2. Using a reflective loader (e.g., PowerShell, MSBuild, or InstallUtil loader from [`go-assembly-ldr`](https://cgit.heqnx.com/go-assembly-ldr), or `execute-assembly` from CS) to inject the assembly into memory. 3. Executing the `Main` or `Execute` method to perform the AMSI bypass. ## Notes @@ -55,10 +55,6 @@ The `SharpAMSIGhosting` code must be executed as a reflective assembly to functi - **System Requirements**: The target system must have `rpcrt4.dll`. - **Detection Risk**: While the tool aims to evade AMSI, modern EDR solutions may detect memory manipulation or hooking behavior. -## Automated Releases - -Check the GitHub Releases page for the new release with attached binaries. - ## License This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE file for details. @@ -66,5 +62,3 @@ This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the LICENSE f ## Disclaimer `SharpAMSIGhosting` is provided "as is" without warranty. The author and contributors are not liable for any damages or legal consequences arising from its use. Use responsibly and only in authorized environments. - - |