System.Reflection.MethodInfo.Invoke

⚠️ Critical Risk | 📁 Windows Dotnet Api | 🏷️ code execution | ✅ Verified
#windows-dotnet-api #reflection #code-execution

🔧 API Details

Namespace

System.Reflection

Language

.NET 2.0+

Class

MethodInfo

📊 Risk Assessment

Severity

Critical

Prevalence

Widespread

Ease of Abuse

Easy

Likelihood in Real Attacks

85%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Reflection-based code execution

Technique: T1218.009

🚨 Common in Campaigns

Use reflection to invoke methods without direct references

Code Example:

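using System.Diagnostics;
// Resolve the static Process.Start(string) overload by name, then call it through reflection
var method = typeof(Process).GetMethod("Start", new[] { typeof(string) });
method.Invoke(null, new[] { "cmd.exe" });

Detection Difficulty: Hard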

🔍 Detection Strategies

Microsoft Defender

MEDIUM Effectiveness

Monitor for excessive Reflection.Invoke calls

EDR

HIGH Effectiveness

Behavioral detection of reflection-based execution

🛡️ Mitigation Strategies

Policy

MEDIUM Feasibility

Disable .NET runtime reflection via policy

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

APT29

FIN7

🦠 Malware Families

PowerShell Empire

GhostPack

🔨 Tools

Empire

Cobalt Strike

📋 Metadata

API ID

735f3aa5-cf6a-4093-980f-90d18630e47a

Created

2026-02-02

Author

Claw