Joe
I think the slight backwards incompatibility is fine so long as it's not crashing.
Yes, we currently create a new process and then inject the .NET assembly into it, so it doesn't pair well with the bypass BOFs. We probably should implement a better...
@rkervella you know the `execute-assembly` code better than me, would it be hard to add a `pid` or something?
Yea, I've actually not seen Defender flag `execute-assembly` before, but we've not jumped thru hoops to make it harder to detect either afaik.
`ps` should colorize the current implant process as green, but you still have a good point that this data should be more accessible.
We can probably do something like that.
I think the armory is a path handling bug, tbh we don't test the Windows client as well as the others. The `shell` issue looks like it may be separate...
We'll probably have to patch the armory installation code, looks like it's something related to Windows' relative paths not behaving like Unix-like paths. WSL+Linux client should work as an interim...
You will need to use `\\` for backslashes, this isn't a bug but the way our shell interpreter works.
Not really without switching the entire shell repl library we use (this is used to encode lots of things), we are working on a GUI that will be out ......