Merge pull request #129 from SpookySec/cdb-update

edited cdb.yml
2024-12-26 06:49:09 +01:00 · 2021-09-25 21:40:09 -04:00 · 2021-09-25 21:40:09 -04:00 · c51df24076
commit c51df24076
parent f51a70c03e d539a7dacd
1 changed files with 16 additions and 1 deletions
--- a/yml/OtherMSBinaries/Cdb.yml
+++ b/yml/OtherMSBinaries/Cdb.yml
@ -12,6 +12,16 @@ Commands:
    MitreID: T1218
    MitreLink: https://attack.mitre.org/wiki/Technique/T1218
    OperatingSystem: Windows
+  - Command: |
+     cdb.exe -pd -pn <process_name>
+     .shell <cmd>
+    Description: Attaching to any process and executing shell commands
+    Usecase: Run a shell command under a trusted Microsoft signed binary
+    Category: Execute
+    Privileges: User
+    MitreID: 
+    MitreLink:
+    OperatingSystem: Windows
 Full_Path:
  - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe
  - Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\cdb.exe
@ -23,7 +33,12 @@ Resources:
  - Link: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
  - Link: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options
  - Link: https://gist.github.com/mattifestation/94e2b0a9e3fe1ac0a433b5c3e6bd0bda
+  - Link: https://blog.thecybersecuritytutor.com/the-power-of-cdb-debugging-tool/
 Acknoledgement:
  - Person: Matt Graeber
    Handle: '@mattifestation'
+  - Person: mr.d0x
+    Handle: '@mrd0x'
+  - Person: Spooky Sec
+    Handle: '@sec_spooky'
 ---