public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-03 18:19:25 +01:00
Code Issues Projects Releases Wiki Activity

Create Ntsd.yml (#449)

Browse Source 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
This commit is contained in:
Avihay Eldad
2025-08-31 18:33:36 +03:00
committed by GitHub
parent e0f262f32b
commit ed6d8aa11d
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
yml/OtherMSBinaries/Ntsd.yml Normal file
View File

@@ -0,0 +1,26 @@
---
Name: Ntsd.exe
Description: Symbolic Debugger for Windows.
Author: Avihay Eldad
Created: 2025-07-16
Commands:
- Command: ntsd.exe -g {CMD}
Description: Launches command through the debugging process; optionally add `-G` to exit the debugger automatically.
Usecase: Executes an executable under a trusted microsoft signed binary.
Category: Execute
Privileges: User
MitreID: T1127
OperatingSystem: Windows
Tags:
- Execute: CMD
Full_Path:
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntsd.exe
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\ntsd.exe
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\ntsd.exe
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\ntsd.exe
Resources:
- Link: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options
- Link: https://strontic.github.io/xcyclopedia/library/ntsd.exe-629EA12D527237B9CD945AC44C2DE80D.html
Acknowledgement:
- Person: Avihay Eldad
Handle: '@AvihayEldad'