Description:<br />In this educational demo, we test how Windows Defender and AMSI respond to two well-known .NET tools — Quasar and Rubeus — when executed through a custom CLR-based loader, GoInvoker.<br /><br />The test is performed in a fully updated Windows 11 virtual machine with real-time protection enabled. We compare the original executables to modified loader-based versions and analyze Defender behavior.<br /><br />References:<br />š IBM X-Force Red —<br />Being a Good CLR Host: Modernizing Offensive .NET Tradecraft<br />https://www.ibm.com/think/x-force/being-a-good-clr-host-modernizing-offensive-net-tradecraft<br /><br />š NTT Data Security Research —<br />Radar Magazine Supplement – July 2024 (PDF)<br />https://www.nttdata.com/global/en/-/media/nttdataglobal/1_files/services/cybersecurity/radar_magazine/2024/radar_supplement_july.pdf<br /><br />Github:<br />https://github.com/hexsecteam/go-invoker-clr<br />https://github.com/quasar/Quasar<br /><br />Free Udemy course:<br />udemy.com/user/kruel-illioth/<br /><br />DISCLAIMER:<br />All content posted on this Youtube channel is SOLELY FOR Educational and Awareness purposes ONLY. Any actions and/or activities related to the material presented in this Youtube channel is entirely YOUR responsibility. <br /><br />We DO NOT promote, support, encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse and abuse of the content resulting in any criminal charges. <br /><br />Support the HexSec Community<br />If you find value in our work and would like to support the HexSec community, you can contribute by making a donation. Your support helps us continue developing innovative and high-quality tools for the cybersecurity and IT community.<br /><br />Donate:<br />ETH: 0x3E79B73e3ce33c6B860425DCB40c6D2f4F2aC508 <br />BTC: bc1qpex9u7x4a6kj4nf6fee7mz54vsv4th2rj2pt30<br /><br /><br />For more details: <br />Contact on Telegram: @Hexsecteam<br />Group on Telegram: @hexsec_tools<br /><br />Stay connected:<br />Udemy: udemy.com/user/kruel-illioth<br />Github: https://github.com/hexsecteam<br /><br />#CyberSecurity #GoInvoker #RedTeam #Quasar #Rubeus #WindowsDefender #AMSI #LoaderTest #Educational
