ExecuteAssembly插件使用

https://github.com/med0x2e/ExecuteAssembly

ExecuteAssembly --dotnetassembly /Users/wing/RedTeamWing/RedTeamTookit/cnascripts/Github/cobalt_strike_extension_kit/exe/Seatbelt.exe --assemblyargs LogonSessions --unlink-modules --stomp-headers --amsi --etw --spawnto PresentationHost.exe

ExecuteAssembly --amsi --etw --dotnetassembly /Users/wing/RedTeamWing/RedTeamTookit/cnascripts/Github/cobalt_strike_extension_kit/exe/SharpWMI.exe --assemblyargs action=query query="select * from win32_process" --spawnto PresentationHost.exe

没测试成功

晚上不想调代码,睡觉