mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2025-09-08 17:25:30 +02:00
27 lines
1.0 KiB
YAML
27 lines
1.0 KiB
YAML
---
|
|
Name: Ntsd.exe
|
|
Description: Symbolic Debugger for Windows.
|
|
Author: Avihay Eldad
|
|
Created: 2025-07-16
|
|
Commands:
|
|
- Command: ntsd.exe -g {CMD}
|
|
Description: Launches command through the debugging process; optionally add `-G` to exit the debugger automatically.
|
|
Usecase: Executes an executable under a trusted microsoft signed binary.
|
|
Category: Execute
|
|
Privileges: User
|
|
MitreID: T1127
|
|
OperatingSystem: Windows
|
|
Tags:
|
|
- Execute: CMD
|
|
Full_Path:
|
|
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntsd.exe
|
|
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\ntsd.exe
|
|
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\ntsd.exe
|
|
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\ntsd.exe
|
|
Resources:
|
|
- Link: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options
|
|
- Link: https://strontic.github.io/xcyclopedia/library/ntsd.exe-629EA12D527237B9CD945AC44C2DE80D.html
|
|
Acknowledgement:
|
|
- Person: Avihay Eldad
|
|
Handle: '@AvihayEldad'
|