Invoke-ReflectivePEInjection
Invoke-ReflectivePEInjection is a PowerShell script which can reflectively load and execute a windows PE file such as an EXE or DLL inside the PowerShell process on a remote computer without writing to disk. This is accomplished by (partially) rewriting the Win32 functionality which loads EXEs/DLLs in PowerShell.
The script allows a penetration tester to:
Execute EXEs/DLLs on remote computers without writing to disk (detection is extremely difficult)
Execute existing tools inside the PowerShell process (potentially bypassing application whitelisting)
Hide reflectively loaded EXEs/DLLs from tools such as ListDLL's which lists all loaded DLL's
Bypass antivirus by never writing anything to disk, everything happens in memory using PowerShell remoting
Note:
A beta version of the script is currently available for download on Github at: https://github.com/clymb3r/PowerShell. The final version will be a part of PowerSploit (and hopefully synced in to Kali linux).