Description:
In this educational demo, we test how Windows Defender and AMSI respond to two well-known .NET tools — Quasar and Rubeus — when executed through a custom CLR-based loader, GoInvoker.
The test is performed in a fully updated Windows 11 virtual machine with real-time protection enabled. We compare the original executables to modified loader-based versions and analyze Defender behavior.
References:
📄 IBM X-Force Red —
Being a Good CLR Host: Modernizing Offensive .NET Tradecraft
https://www.ibm.com/think/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft
📄 NTT Data Security Research —
Radar Magazine Supplement – July 2024 (PDF)
https://www.nttdata.com/global/en/-/media/nttdataglobal/1_files/services/cybersecurity/radar_magazine/2024/radar_supplement_july.pdf
Github:
https://github.com/hexsecteam/go-invoker-clr
https://github.com/quasar/Quasar
Free Udemy course:
udemy.com/user/kruel-illioth/
DISCLAIMER:
All content posted on this Youtube channel is SOLELY FOR Educational and Awareness purposes ONLY. Any actions and/or activities related to the material presented in this Youtube channel is entirely YOUR responsibility.
We DO NOT promote, support, encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse and abuse of the content resulting in any criminal charges.
Support the HexSec Community
If you find value in our work and would like to support the HexSec community, you can contribute by making a donation. Your support helps us continue developing innovative and high-quality tools for the cybersecurity and IT community.
Donate:
ETH: 0x3E79B73e3ce33c6B860425DCB40c6D2f4F2aC508
BTC: bc1qpex9u7x4a6kj4nf6fee7mz54vsv4th2rj2pt30
For more details:
Contact on Telegram: @Hexsecteam
Group on Telegram: @hexsec_tools
Stay connected:
Udemy: udemy.com/user/kruel-illioth
Github: https://github.com/hexsecteam
#CyberSecurity #GoInvoker #RedTeam #Quasar #Rubeus #WindowsDefender #AMSI #LoaderTest #Educational
