- Fully ported to D/Invoke API.
- Encrypted payloads which can be invoked from a URL or passed in base64 as an argument.
- Built-in AMSI bypass based on @rasta-mouse method.
- Sandbox detection & evasion.
ℹ️ Based on my testings the DInvoke NuGet package itself is being flagged by many commercial AV/EDR solutions when included as an embedded resource via Costura.Fody (or similar approaches), so I’ve shrinked it a bit and included from source to achieve better OpSec.