CYBER MONGOL

6/24/2021

Proxy Command Execution/DLL Injection Via SyncAppvPublishingServer.vbs

*Proxy Command Execution/DLL Injection Via SyncAppvPublishingServer.vbs > PowerShell > rundll32 > Bad.dll vs Microsoft Defender for Endpoint*

This builds off a post I did yesterday. A colleague of mine commented and asked about the above vector and endpoint detections. I tested the above vector without MDE protection just to see the mechanics and then secured with MDE. You can find the resources I used to facilitate this attack below.

DLL: https://github.com/mvelazc0/defcon27_csharp_workshop/blob/master/Labs/lab6/ShellcodeInjectionDll/ShellcodeInjection.cpp

SyncAppvPublishingServer.vbs: https://mp.weixin.qq.com/s/Ud7TbeMJb8fsRlaGHWhBww

#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
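
A defender-side sketch of the process lineage named in the title (SyncAppvPublishingServer.vbs > PowerShell > rundll32), added here as an example and not taken from the original post or the linked resources. The event records are constructed, and their field names (`pid`, `ppid`, `image`, `cmdline`) are assumptions standing in for whatever your process-creation telemetry provides.

```python
import ntpath  # parses Windows paths on any OS

SCRIPT = "syncappvpublishingserver.vbs"
SYS = "C:\\Windows\\System32\\"
PS = SYS + "WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed process-creation events (not captured telemetry); field names
# and the <args>/<export> placeholders are assumptions.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": SYS + "wscript.exe",
     "cmdline": "wscript.exe " + SYS + "SyncAppvPublishingServer.vbs <args>"},
    {"pid": 300, "ppid": 200, "image": PS, "cmdline": "powershell.exe <args>"},
    {"pid": 400, "ppid": 300, "image": SYS + "rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\Public\\Bad.dll,<export>"},
    # Benign look-alikes: rundll32 from explorer, PowerShell with no script ancestor.
    {"pid": 500, "ppid": 100, "image": SYS + "rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"pid": 600, "ppid": 100, "image": PS, "cmdline": "powershell.exe <args>"},
    {"pid": 700, "ppid": 600, "image": SYS + "rundll32.exe",
     "cmdline": "rundll32.exe printui.dll,PrintUIEntry <args>"},
]

def name(ev):
    return ntpath.basename(ev["image"]).lower()

def ancestors(ev, by_pid):
    """Yield parents up the tree; stop on a missing parent or a PID loop."""
    seen = {ev["pid"]}
    cur = by_pid.get(ev["ppid"])
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def find_chains(events):
    """Return (script_pid, powershell_pid, rundll32_pid) for each matching lineage."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        if name(ev) != "rundll32.exe":
            continue
        ps = None  # nearest PowerShell ancestor of this rundll32
        for anc in ancestors(ev, by_pid):
            if ps is None and name(anc) in ("powershell.exe", "pwsh.exe"):
                ps = anc
            elif ps is not None and SCRIPT in anc["cmdline"].lower():
                hits.append((anc["pid"], ps["pid"], ev["pid"]))
                break
    return hits
```

Real telemetry reuses PIDs, so key the lookup on a process GUID or on host, PID and start time rather than the bare PID used in this sample.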
