
Forget PSEXEC: DCOM Upload & Execute Backdoor

ID: 9b5d5259-35ce-5513-b093-d30c7afc8696

STIX ID: report--9b5d5259-35ce-5513-b093-d30c7afc8696

Feed Name: Deep Instinct Blog

Threat Score: 75/100

Date Published: 2024-11-25

Date Updated: 2026-04-27

Author: Eliran Nissan

...
...

This report documents a newly discovered DCOM lateral movement technique that abuses the undocumented IMsiServer and IMsiCustomAction interfaces of the Windows Installer service. Over DCOM, the attacker remotely uploads a strong‑named .NET assembly into the Global Assembly Cache (GAC) on the target, has it loaded into an MSIEXEC service process, and invokes its exported functions, giving remote code execution and a backdoor-like persistence mechanism that needs no dropped executable outside the GAC. The author details the reverse-engineering steps, a full proof‑of‑concept implementation, and the technique's limitations (the target must be domain-joined, DCOM hardening must match on both ends, and the payload assembly must be strong-named). Detection guidance covers child processes spawned by MSIEXEC, writes to and image loads from the GAC by the MSIEXEC service, and the corresponding event log entries.
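The detection indicators the summary lists (MSIEXEC child processes, GAC writes and loads, and the events that record them) can be turned into a small hunt over endpoint telemetry. The block below is an added example, not code from the Deep Instinct post or the proof-of-concept it describes. It assumes Sysmon-style records (EventID 1 process create, 7 image load, 11 file create, with the standard Image, ParentImage, TargetFilename, ImageLoaded and Signed fields), assumes the GAC write is attributed to msiexec.exe, and the sample events are constructed for the example.

```python
# Added example (not from the Deep Instinct post): hunt logic for the three
# indicators in the summary, run over Sysmon-style dict records.
# SAMPLE_EVENTS below are constructed for this example.
from typing import Dict, List

MSIEXEC = "c:\\windows\\system32\\msiexec.exe"

# GAC roots: .NET 4.x (GAC_MSIL / GAC_32 / GAC_64) and the legacy 2.0-3.5 GAC.
GAC_ROOTS = ("c:\\windows\\microsoft.net\\assembly\\", "c:\\windows\\assembly\\")

# Children of the MSI service worth flagging. A legitimate MSI custom action can
# spawn some of these too, so treat this rule as a correlation input, not an alert.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
          "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

RULES = ("gac_write_by_msiexec", "unsigned_gac_load_in_msiexec", "msiexec_spawned_shell")


def _norm(path: str) -> str:
    return path.lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def _in_gac(path: str) -> bool:
    return any(_norm(path).startswith(root) for root in GAC_ROOTS)


def hunt(events: List[Dict]) -> List[Dict]:
    """Return one finding per event that matches an indicator, in input order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = _norm(ev.get("Image", ""))
        if eid == 11 and image == MSIEXEC and _in_gac(ev.get("TargetFilename", "")):
            # The MSI service writing into the GAC. MSI packages that ship
            # assemblies do this legitimately, hence the correlation below.
            findings.append({"rule": RULES[0], "path": ev["TargetFilename"],
                             "pid": ev.get("ProcessId")})
        elif (eid == 7 and image == MSIEXEC and _in_gac(ev.get("ImageLoaded", ""))
              and ev.get("Signed", "").lower() != "true"):
            # Strong naming is not Authenticode: an attacker assembly normally
            # loads into msiexec.exe without a valid Authenticode signature.
            findings.append({"rule": RULES[1], "path": ev["ImageLoaded"],
                             "pid": ev.get("ProcessId")})
        elif (eid == 1 and _norm(ev.get("ParentImage", "")) == MSIEXEC
              and _basename(ev.get("Image", "")) in SHELLS):
            findings.append({"rule": RULES[2], "path": ev["Image"],
                             "cmdline": ev.get("CommandLine"), "pid": ev.get("ProcessId")})
    return findings


def chain_detected(findings: List[Dict]) -> bool:
    """True when all three indicators were seen: write, load and execute."""
    seen = {f["rule"] for f in findings}
    return all(rule in seen for rule in RULES)


# Constructed sample telemetry: three malicious events followed by three benign ones.
_PAYLOAD = ("C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Payload\\"
            "v4.0_1.0.0.0__deadbeefdeadbeef\\Payload.dll")  # hypothetical assembly path
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 4120,
     "TargetFilename": _PAYLOAD},
    {"EventID": 7, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 4120,
     "ImageLoaded": _PAYLOAD, "Signed": "false"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ProcessId": 5012,
     "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "cmd.exe /c whoami"},
    # Benign: msiexec writing outside the GAC during a normal install.
    {"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 4120,
     "TargetFilename": "C:\\Program Files\\Vendor\\app.exe"},
    # Benign: msiexec loading a Microsoft-signed framework assembly from the GAC.
    {"EventID": 7, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 4120,
     "ImageLoaded": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Xml\\"
                    "v4.0_4.0.0.0__b77a5c561934e089\\System.Xml.dll",
     "Signed": "true", "Signature": "Microsoft Corporation"},
    # Benign: the MSI service spawning a client msiexec for a custom action.
    {"EventID": 1, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 4300,
     "ParentImage": "C:\\Windows\\System32\\msiexec.exe", "CommandLine": "msiexec.exe -Embedding"},
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print("full write/load/execute chain:", chain_detected(found))
```

Each rule alone is noisy on hosts that install MSI packages regularly; the useful signal is the chain, ideally tied to a single msiexec.exe service instance and preceded by an inbound DCOM (TCP 135 plus a dynamic port) connection from the source host.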
