mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-tech_ref_and_memo.md

mether049 2020-01-18 17:01:26 +09:00 committed by GitHub
parent 793fe8f96b
commit 6a69893760
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -224,9 +224,7 @@ New-Object System.IO.Compression.DeflateStream([iO.mEmoRySTream] [sysTEM.ConVert
- UAC Bypass,AppLocker Bypass,Dumping process memory,Credential theft,Log evasion/modification,Persistence,File operations,etc. - UAC Bypass,AppLocker Bypass,Dumping process memory,Credential theft,Log evasion/modification,Persistence,File operations,etc.
- よく利用されるLOLBins - よく利用されるLOLBins
- [Certutil.exe](https://lolbas-project.github.io/lolbas/Binaries/Certutil/) - [Certutil.exe](https://lolbas-project.github.io/lolbas/Binaries/Certutil/)
- エンコードされたバイナリをCertutil.exeでダウンロード - エンコードされたバイナリをCertutil.exeでダウンロード->ダウンロードしたバイナリをCertutil.exeでデコード->デコードしたバイナリを,[Forfiles.exe](https://lolbas-project.github.io/lolbas/Binaries/Forfiles/)で実行
- ダウンロードしたバイナリをCertutil.exeでデコード
- デコードしたバイナリをForfiles.exeで実行
- [eventvwr.exe](https://lolbas-project.github.io/lolbas/Binaries/Eventvwr/) - [eventvwr.exe](https://lolbas-project.github.io/lolbas/Binaries/Eventvwr/)
- [Msbuild.exe](https://lolbas-project.github.io/lolbas/Binaries/Msbuild/) - [Msbuild.exe](https://lolbas-project.github.io/lolbas/Binaries/Msbuild/)
- [Mshta.exe](https://lolbas-project.github.io/lolbas/Binaries/Mshta/) - [Mshta.exe](https://lolbas-project.github.io/lolbas/Binaries/Mshta/)
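
Review bot: The merged line under Certutil.exe joins three sequential steps with "->", which is harder to scan than the nested list it replaces and renders as one long bullet in Markdown. An ordered sub-list (1. download, 2. decode, 3. execute) would keep the sequence explicit and still let the third step carry the new Forfiles.exe link. The same line also has a stray comma directly before the link ("バイナリを,[Forfiles.exe]") that should be dropped. The commit title "Update malware-tech_ref_and_memo.md" says nothing about the change; something like "Collapse Certutil chain and link Forfiles.exe" would make the history searchable.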