64-bit FSharp (F#) Interpreter included with Visual Studio and DotNet Core SDK.
Paths:
- C:\Program Files\dotnet\sdk\<version>\FSharp\fsi.exe
- C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\CommonExtensions\Microsoft\FSharp\fsi.exe
AWL bypass
-
Execute F# code via script file
fsi.exe {PATH:.fsscript}
- Use case
- Execute payload with Microsoft signed binary to bypass WDAC policies
- Privileges required
- User
- Operating systems
- Windows 10 2004 (likely previous and newer versions as well)
- ATT&CK® technique
- T1059
- Tags
Execute: FSharp
-
Execute F# code via interactive command line
fsi.exe
- Use case
- Execute payload with Microsoft signed binary to bypass WDAC policies
- Privileges required
- User
- Operating systems
- Windows 10 2004 (likely previous and newer versions as well)
- ATT&CK® technique
- T1059
- Tags
Execute: FSharp