A Tale of an MSBuild In-Line Task

I analyzed a suspicious file found during an Incident Response (IR) that turned out to be an in-line MSBuild task. The file had a byte array with an extremely long sequence of bytes. My first thought was that it was a binary of some sort. I extracted the bytes and wrote a few lines of C … Read more