* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added
Everything looks good, confirmed working on Windows 10 & 11, merging changes:
* Added 'Execute' lolbas for iediagcmd.exe
* Added missing fields from the template
* Update Iediagcmd.yml
Made corrections
* Update Iediagcmd.yml
Removing trailing spaces
* Update Iediagcmd.yml
removing empty fields
* Minor changes
* Update Iediagcmd.yml
Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
* Adding Windows 11 support
---------
Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
This one is pretty straightforward and related to the vstest so pushed the commit for this pull request. TestWindowRemoteAgent.exe is a signed DLL that can be utilized to be a gadget for data exfiltration since it tries connection to any host.
