# Instructions 

The following script is designed to create artifacts that teams can use to hunt, new or interesting capabilities. 

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained.  It should dynamically write a DLL to disk and load it in to cscript.exe

To Invoke `cscript.exe stranger_things.js`
This example expects a 64bit system.
You can modify that if you wat ARM or x86 etc..

Ideas of what to hunt/test:

1. Did the anti-malware engine detect a malicious script
2. Did you observe the DLL written to disk?
3. Did you observe the DLL/ Module Load
4. What artifacts does this approach leave behind?
5. How might an attacker change this script to evade detection? hint : that 'base64 blob lol'