public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 04:32:24 +02:00
Code Issues Projects Releases Wiki Activity

Adding 'Execute' categories to existing 'AWL Bypass' binaries.

Browse Source
This commit is contained in:
Conor Richard
2018-10-05 15:06:01 -04:00
parent 92a20a2d6f
commit c103cb3677
4 changed files with 58 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
yml/OtherMSBinaries/Tracker.yml
View File

@@ -4,6 +4,14 @@ Description: Tool included with Microsoft .Net Framework.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Commands:
- Command: Tracker.exe /d .\calc.dll /c C:\Windows\write.exe
Description: Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.
Usecase: Injection of locally stored DLL file into target process.
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
- Command: Tracker.exe /d .\calc.dll /c C:\Windows\write.exe
Description: Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.
Usecase: Injection of locally stored DLL file into target process.