*Proxy Command Execution/DLL Injection Via SyncAppvPublishingServer.vbs > PowerShell > rundll32 > Bad.dll vs Microsoft Defender for Endpoint*

This builds off a post I did yesterday; a colleague of mine () commented and asked about the above vector and endpoint detections. I tested the above vector without MDE protection just to see the mechanics and then secured with MDE.

You can find the resources I used to facilitate this attack below.

- DLL: https://github.com/mvelazc0/defcon27_csharp_workshop/blob/master/Labs/lab6/ShellcodeInjectionDll/ShellcodeInjection.cpp
- SyncAppvPublishingServer.vbs: https://mp.weixin.qq.com/s/Ud7TbeMJb8fsRlaGHWhBww