Recently, C# has received some attention in the security community, since it has some features that may make it more appealing to criminals than PowerShell. [Both C# and Powershell use the .NET runtime.] A Forcepoint researcher has summarized the evolvement of attack techniques in recent years, particularly looking at a recent security issue related to C# in a .NET utility in terms of fileless attacks.
From the article: A recent example of C# being used for offensive purposes is the PowerShell/C# ‘combo attack’ noted by Xavier Mertens earlier this month in which a malware sample used PowerShell to compile C# code on the fly. Also, a collection of adversary tools implemented in C# was released. Further, an improved way was published for injecting shellcode (.NET assembly) into memory via a C# application…. Given recent trends it seems likely that we’ll start to see an increased number of attacks that utilize C# — or combinations of C# and PowerShell such as that featured in Xavier Mertens’ SANS blog — in the coming months.