mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
13026a481b
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker |
||
---|---|---|
.. | ||
LOLUtilz | ||
OSBinaries | ||
OSLibraries | ||
OSScripts | ||
OtherMSBinaries |