Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
Inline-EA

Inline-EA

Cobalt Strike BOF for evasive .NET assembly execution.

image for Inline-EA

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Penetration Testing
Red Team Testing Tools
Exploitation Frameworks

Tags

Endpoint Security
Red Team Operations

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

Cybersecurity AI

Cybersecurity AI (CAI) is an open Bug Bounty-ready Artificial Intelligence framework for enhancing security operations.

Open Source Bug Bounty

Inline-EA

Inline-EA is a Beacon Object File (BOF) designed for executing .NET assemblies stealthily within the current Beacon process. It was developed to bypass leading security solutions like Elastic and CrowdStrike Falcon.

Key Features:

Evasive Execution: Execute .NET assemblies without detection by security products.
AMSI Bypass: Optionally bypass AMSI by modifying clr.dll directly in memory.
ETW Bypass: Utilize EAT hooking to prevent logging by ETW.
Exit Patching: Includes an option to patch System.Environment.Exit to prevent process termination, although this feature may be detected.

Benefits:

Ideal for security professionals and penetration testers aiming to execute .NET payloads under radar.
Supports running assemblies with additional options to enhance stealth.

How to Use:

Compile code from the src/ directory.
Place the inline-ea.cna and inline-ea.x64.o in the same directory.
Load the script into your Cobalt Strike script manager.

Help Command:

Use help inline-ea in the Beacon console for usage details.