[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1657":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":15,"starSnapshotCount":15,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},1657,"DSCourier","DylanDavis1\u002FDSCourier","DylanDavis1","DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.","",null,"PowerShell",198,22,182,0,3,4,13,9,4.09,"MIT License",false,"main",true,[],"2026-06-12 02:00:31","# DSCourier\n\n## Description\nDSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries. A separate blog post provides the full technical deep dive into the technique. \n\nDSCourier was built primarily from a research topic and should be viewed as a proof-of-concept rather than a polished or complete tool. Much of its value comes from operators modifying, extending, and experimenting with it themselves, including creating their own configuration files.\n\nThis technique has has bypassed CrowdStrike Falcon, Microsoft Defender for Endpoint (MDE) and Elastic Security EDR.\n\n## Demo Videos\n\u003Cvideo src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F61d29ff1-8c91-46dd-9e95-4026d8e76622\" controls muted loop width=\"100%\">\u003C\u002Fvideo>\n\n## Blog\nFull write-up: [Read the blog](https:\u002F\u002Feclipsesec.com\u002Fposts\u002FDSCourier\u002F)\n\n## Build & Release\n- `Releases` contains the compiled DSCourier binary and supporting files for execution on a target system.\n- `build.ps1` automates the build process, compiling the project and preparing binary.\n\n## Requirements\nDev machine (to build DSCourier from source):\n- Windows 10, 11, or Server 2025: for the build tooling to run\n- .NET 8 SDK (Not just runtime, SDK needed to compile)\n- Windows SDK 10.0.22621: Interop csproj targets net8.0-windows10.0.22621.0\n- Git, WinGet, PowerShell: to run the build script\n\nTarget machine (to run the built DSCourier.exe):\n- Windows 10, 11, or Server 2025: supported OS\n- WinGet itself installed because DSCourier calls into it via COM\n- WinGet Configuration Enabled: This is a WinGet feature flag (winget configure), needed because the interop uses Microsoft.Management.Configuration\n- PSDscResources PowerShell Module: a runtime dependency for whatever DSC configurations DSCourier applies\n","DSCourier 是一个概念验证项目，它通过 WinGet 配置 COM API 利用微软签名的二进制文件来应用 DSC（Desired State Configuration）配置。该项目的核心功能是通过调用 WinGet 的 COM 接口实现 DSC 配置的应用，从而绕过一些常见的端点检测和响应系统如 CrowdStrike Falcon、Microsoft Defender for Endpoint 以及 Elastic Security EDR。DSCourier 主要用于研究目的，适合安全研究人员和技术爱好者进行修改、扩展及实验，以探索新的技术可能性或测试现有安全机制的有效性。开发环境需满足 Windows 10\u002F11 或 Server 2025、.NET 8 SDK 等特定要求；目标机器则需要安装并启用 WinGet 及其配置功能。",2,"2026-06-11 02:45:17","CREATED_QUERY"]