# Compile After Delivery

Adversaries may attempt to make payloads difficult to discover and analyze by delivering files to victims as uncompiled code. Text-based source code files may subvert analysis and scrutiny from protections targeting executables/binaries. These payloads will need to be compiled before execution before execution; typically via native utilities such as csc.exe or GCC/MinGW.

Source code payloads may also be encrypted, encoded, and/or embedded within other files, such as those delivered as a Phishing. Payloads may also be delivered in formats unrecognizable and inherently benign to the native OS (ex:EXEs on macOS/Linux) before later being (re)compiled into a proper executable binary with bundled compiler and execution framework.

**Example:**

The .NET Framework includes a mechanism called the Code Document Object Model (CodeDOM) that enables developers of programs that emit source code to generate source code in multiple programming languages at run time, based on a single model that represents the code to render. Sometimes developers need it, and .NET Framework  makes it possible. For example, the following C# code compiles the C# code assigned to the "code" variable during execution and runs it.

Here is a sample code with C#

![](/files/-MRhsyQnY_kB2zdLzFZZ)

Any part from the "**string code"** section will get compiled and executed when the application runs.

![](/files/-MRhszMGVqK47LM4XYCP)

Reference:

{% embed url="<https://artofpwn.com/2017/11/14/spookflare.html>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/compile-after-delivery.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.