Today @harmj0y from SpecterOps released to the public his and the other team members' tools, called GhostPack: http://github.com/GhostPack/
I have been following their work for a while and in my opinion they are one of the best in terms of offensive/defensive work on the PowerShell side of Windows cyber-security.
Their latest toolkit, GhostPack, is most of their work rewritten from PowerShell scripts to C#, and you can read all about it in their official release statement: https://posts.specterops.io/ghostpack-d835018c5fc4
What I have tested:
Compilation worked fine on Windows 7 SP1 x86_64 via Visual Studio 2013 for the following:
SharpDump, SharpRoast, SharpUp, SharpWMI
Only the following needed Visual Studio 2015 (which I ran on Windows 10 x86_64):
Seatbelt
The compilation is straightforward, as taken from their GitHub instructions:
Seatbelt has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.
Next, I loaded Windows 10 x86_64 with a fully updated Defender and the latest patches for Windows 10 build 17134.165.
I prepared a custom Meterpreter loader and a listener, and tried to execute all the compiled GhostPack binaries from the Meterpreter shell directly through memory via the following:
meterpreter > execute -H -i -c -f /home/user/metasploit-framework/Seatbelt.exe -m -d calc.exe
However, this did not work for any of the executables (apart from SafetyKatz.exe, which I did not even try to load this way, since it dumps files on c:/tmp to work with the minidump). Instead, I just uploaded them and executed them via a shell command from Meterpreter.
Finally I have prepared a video demonstration of the tests here