Bypass AMSI and reflectively inject PE into process
Bypass the Antimalware Scan Interface (AMSI), then load a PowerShell script that can perform a reflective DLL/PE
load into either a remote or local process. This is useful for loading custom payloads and executing them in memory to
bypass local security configurations. Specify a payload with a custom `payload.uri` fact that contains either a PE or DLL.
To load remotely, the binary must be position independent (i.e. compiled with `-fPIC`).