October 14, 2021 at 07:32PM

DCOM_AV_EXEC allows for “diskless” lateral movement to a target on the same network via DCOM. The AV_Bypass_Framework_V3 creates a .NET shellcode runner (output as a DLL) that can be used with the DCOM_AV_EXEC tool to bypass antivirus solutions like Microsoft Defender, as all shellcode is AES-encrypted and executed in memory.

.NET DCOM lateral movement tool intended for Cobalt Strike. “Diskless” and currently able to bypass MS Defender.