From 84de927a839510b52bbbd4b04c82be12ed222d03 Mon Sep 17 00:00:00 2001 From: SpookySec Date: Mon, 8 Feb 2021 16:28:25 +0300 Subject: [PATCH] edited cdb.yml --- yml/OtherMSBinaries/Cdb.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/yml/OtherMSBinaries/Cdb.yml b/yml/OtherMSBinaries/Cdb.yml index 2411a0d..a5edabc 100644 --- a/yml/OtherMSBinaries/Cdb.yml +++ b/yml/OtherMSBinaries/Cdb.yml @@ -12,6 +12,16 @@ Commands: MitreID: T1218 MitreLink: https://attack.mitre.org/wiki/Technique/T1218 OperatingSystem: Windows + - Command: | + cdb.exe -pd -pn + .shell + Description: Attaching to any process and executing shell commands + Usecase: Run a shell command under a trusted Microsoft signed binary + Category: Execute + Privileges: User + MitreID: + MitreLink: + OperatingSystem: Windows Full_Path: - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\cdb.exe @@ -23,7 +33,12 @@ Resources: - Link: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html - Link: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options - Link: https://gist.github.com/mattifestation/94e2b0a9e3fe1ac0a433b5c3e6bd0bda + - Link: https://blog.thecybersecuritytutor.com/the-power-of-cdb-debugging-tool/ Acknoledgement: - Person: Matt Graeber Handle: '@mattifestation' ---- \ No newline at end of file + - Person: mr.d0x + Handle: '@mrd0x' + - Person: Spooky Sec + Handle: '@spooky_sec' +---