.. /Msbuild.exe
Star

Used to compile and execute code


Paths:

Resources:
Acknowledgements:

Detection:

AWL bypass

Build and execute a C# project stored in the target XML file. 
msbuild.exe pshell.xml
Usecase: Compile and run code
Privileges required: User
OS: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
MITRE ATT&CK®: T1127.001



Execute

Build and execute a C# project stored in the target csproj file. 
msbuild.exe project.csproj
Usecase: Compile and run code
Privileges required: User
OS: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
MITRE ATT&CK®: T1127.001



Executes generated Logger DLL file with TargetLogger export 
msbuild.exe /logger:TargetLogger,C:\Loggers\TargetLogger.dll;MyParameters,Foo
Usecase: Execute DLL
Privileges required: User
OS: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
MITRE ATT&CK®: T1127.001



Execute jscript/vbscript code through XML/XSL Transformation. Requires Visual Studio MSBuild v14.0+. 
msbuild.exe project.proj
Usecase: Execute project file that contains XslTransformation tag parameters
Privileges required: User
OS: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
MITRE ATT&CK®: T1127.001



By putting any valid msbuild.exe command-line options in an RSP file and calling it as above will interpret the options as if they were passed on the command line. 
msbuild.exe @sample.rsp
Usecase: Bypass command-line based detections
Privileges required: User
OS: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
MITRE ATT&CK®: T1036