Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
Inline-EA

Inline-EA

Cobalt Strike BOF for evasive .NET assembly execution.

image for Inline-EA

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Penetration Testing
Red Team Testing Tools
Exploitation Frameworks

Tags

Endpoint Security
Red Team Operations

More Products

image of Phantom

DevSecOps ToolsPenetration TestingVulnerability Scanners

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security Auditing Open Source Incident Response Vulnerability Scanning API Security+1

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

Inline-EA

Inline-EA is a Beacon Object File (BOF) designed for executing .NET assemblies stealthily within the current Beacon process. It was developed to bypass leading security solutions like Elastic and CrowdStrike Falcon.

Key Features:

Evasive Execution: Execute .NET assemblies without detection by security products.
AMSI Bypass: Optionally bypass AMSI by modifying clr.dll directly in memory.
ETW Bypass: Utilize EAT hooking to prevent logging by ETW.
Exit Patching: Includes an option to patch System.Environment.Exit to prevent process termination, although this feature may be detected.

Benefits:

Ideal for security professionals and penetration testers aiming to execute .NET payloads under radar.
Supports running assemblies with additional options to enhance stealth.

How to Use:

Compile code from the src/ directory.
Place the inline-ea.cna and inline-ea.x64.o in the same directory.
Load the script into your Cobalt Strike script manager.

Help Command:

Use help inline-ea in the Beacon console for usage details.