Repository contains code samples weaponized for use with Covenant (https://github.com/cobbr/Covenant) and donut (https://github.com/TheWover/donut) and TikiTorch (https://github.com/rasta-mouse/TikiTorch).
Techniques are partially described under this writing: https://medium.com/@ditrizna/red-team-use-case-of-open-source-weaponization-5b22b0e287a5
Injection that does not relies on RWX right permissions is located under PAYLOAD_INJECT/inject_rw_rx.cs.
Delivery that uses mshta.exe instead of WebDav is located under download_compile_and_exec.hta.
Potential improvements:
* adding an execution methods to PAYLOAD_INJECT samples in order to launch using installutil.exe, regsvr.exe
* adding a persistence already in PAYLOAD EXEC stage