Talk

Sideloading Serenade: A Symphony of .NET Payload Techniques

conf 2023-11-02 16:15 – 17:00 La Marive EN

Achieving execution of your payloads in typical phishing or red-team scenarios, without being outright prevented, is a constantly moving goalpost. It can be almost as frustrating as when you finally develop a payload that meets your needs, only for it to be prevented by brittle detection logic soon thereafter, leaving you to start from square one.

In this talk, we will cover a variety of core principles we apply to our .NET payloads to increase longevity and effectiveness while decreasing the burden associated with development and the build process. Topics spanning entropy-conscious obfuscation, runtime protection techniques, dynamic delivery of encryption keys, polymorphic build automation, and more will be covered. We will discuss additional options the .NET framework gives us for sideloading trusted .NET assemblies, to complement more traditional sideloading techniques. Creating a repository of preferred techniques regarding shellcode injection and other important components of your payload will be discussed, as well as an approach for selecting from your collection of techniques for a plug n' play experience during the build process to best fit your offensive use-case. Finally, we will demonstrate how all of the concepts can be directly applied to payloads that fit a variety of use-cases: initial access, lateral movement, and more.

We hope to demonstrate that following a handful of OPSEC considerations, combined with the added trust of sideloading existing .NET assemblies, can ease the burden and lower the barrier to entry for effective .NET payload development.