One Day Sec

What is Cobalt Strike's execute-assembly command and why is it considered stealthy?

Cobalt Strike's `execute-assembly` command, introduced in version 3.11, loads .NET assemblies directly from memory without writing them to disk. Because nothing is written to disk, file-based detection techniques do not see the assembly, which is why the command is considered highly stealthy. It uses the CLR hosting API to load and execute managed code within an unmanaged process, as detailed in "Analysis of .NET Assembly Loading from Memory (execute-assembly) Exploitation".
Cobalt Strike, execute-assembly, .NET assembly, fileless, CLR hosting, stealth
