Search results
  1. 11 Dec 2019

    dotnet.exe [PATH_TO_DLL] It's just like doing python . (funny) dotnet.exe is a trusted binary and the default AppLocker rules don't block it, so it's a valid AppLocker bypass. Similar to regasm.exe. CC

  2. 4 Dec 2018

    Today I found out that ftp.exe can be used as a . Run ftp.exe, type "!" (calls the shell() function inside ftp.exe) followed by whatever it is that you want to run, i.e. "!powershell". File under: Things that my teammates and I are finding when looking at Windows binaries.

  3. 18 Oct 2018
  4. 5 Dec 2019

    Use the MS-signed executable "dvdplay.exe" to run your binaries

  5. 4 Jan

    Just published the awaited blog post on the It was a fun tool and a pesky

  6. 24 Jan

    how to be a bad ctor ctor.dll, LaunchSetup <filename>

  7. 23 Oct 2019

    I hear you like lolbins... odbcconf.exe /a {REGSVR c:\test\test.dll} it loads the DLL and calls DllRegisterServer :)

  8. 24 Jul 2018

    MS signed ExtExport accepts UNC paths. Loads DLL from local disk, SMB and WebDav links. 64 and 32 bit bins on disk. .\ExtExport.exe "\\\tools\Autoruns64.dll" a b JSON FIREFOX c Anyone care to test if it has evasive properties?

  9. 14 May 2018

    Windows 10 1803 has some interesting new binaries. I don't need to explain this picture.... - Well, they are signed at least

  10. 4 Nov 2019

    In addition steamservice.exe can call custom .vdf files directly without having to modify any game-specific .vdf's

  11. 18 Aug 2019

    this looks like a (signed by citrix) similar to "setupapi.dll,InstallHinfSection" u can download citrix exe from

  12. 3 May 2018

    CML Execution Using DXCap.exe To Launch Executive From Prompt-CML &- DXCap.exe -c C:\Windows\System32\notepad.exe &- Raw

  13. 2 Feb

    SettingSyncHost.exe as a LolBin cd %TEMP% & c:\windows\system32\SettingSyncHost.exe -LoadAndRunDiagScript foo

  14. 3 Oct 2019

    c:\windows\system32\devtoolslauncher.exe LaunchForDeploy payload.exe "argument here" test Trusted binary will execute your payload :) Thanks to & @egriffithCH for testing it on their side. VS or VS Code is required, I think.

  15. 4 Nov 2019

    [Research] Windbg Time Travel Debugging. ">tttracer.exe" File usage >> tttracer.exe "C:\Windows\System32\calc.exe" 🧐

  16. 19 Apr 2018

    Is Explorer.exe the ultimate ? explorer.exe [exe/hta/scr/...etc] *Invokes child processes when called (after a lookup of the default program handler) *Hides from the default filter in AutoRuns *Just might be doing a little more on a workstation in your network

  17. 18 Oct 2018

    Synaptics Touchpad Enhancements SynTPEnh.exe “provides additional configurations and support” Okay! Execute my malicious binary for me 😂 cc

  18. 10 Feb 2019

    Esentutl.exe is an interesting that has a /vss switch for copying locked ESE files (such as the AD database). already wrote a nice blog on the subject that discusses some and detection considerations. Check it out here -

  19. 26 May 2018

    Nice from Steam (Valve) :-p Dump a Windows process with a Valve Signed Binary: WriteMiniDump.exe PID DumpFilePath

