VirtualAlllocEx / DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.


DSC_SVC_REMOTE

This code example allows you to create a malware.exe sample that can be run in the context of a Windows system service, and could be used for local privilege escalation via, e.g., an unquoted service path or a file permission vulnerability. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.

  1. Replace the link with the one to your hosted .bin payload
  2. Change the name of the service to your service
  3. Start the respective service and retrieve a session in system context

```
cmd> sc start unquotedsvc
```
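From the defender's side, the unquoted service path condition this sample relies on can be found by auditing each service's `ImagePath` value and quoting the ones that are ambiguous. The following is an added example, not code from this repository: the service entries are constructed sample data, the function names are hypothetical, and it assumes the executable ends at the first `.exe` followed by whitespace or end of string.

```python
import re

# Constructed sample data (not from the repository): service name -> ImagePath
# as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
SAMPLE_SERVICES = {
    "unquotedsvc": r"C:\Program Files\Unquoted Path Service\Common Files\svc.exe",
    "quotedsvc": r'"C:\Program Files\Vendor App\agent.exe" --run',
    "nospacesvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "argsvc": r"C:\Program Files\Vendor App\updater.exe /svc /quiet",
    "spaceargs": r"C:\Tools\daemon.exe --config C:\My Data\cfg.ini",
}

# Assumption: the executable path ends at the first ".exe" token.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split an unquoted ImagePath into (executable, arguments)."""
    match = EXE_END.search(image_path)
    if not match:
        return image_path.strip(), ""
    return image_path[:match.end()].strip(), image_path[match.end():].strip()


def audit_service(image_path):
    """Return None if the value is unambiguous, else the quoted replacement."""
    value = image_path.strip()
    if value.startswith('"'):
        return None  # already quoted
    exe, args = split_image_path(value)
    if " " not in exe:
        return None  # spaces only in the arguments do not make the path ambiguous
    quoted = f'"{exe}"'
    return f"{quoted} {args}" if args else quoted


def audit(services):
    """Map each vulnerable service name to its corrected ImagePath value."""
    findings = {}
    for name, path in services.items():
        fix = audit_service(path)
        if fix is not None:
            findings[name] = fix
    return findings


if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces, set ImagePath to {fix}")
```

Flagged services should also have the ACLs on every directory in the path reviewed, since quoting alone does not address the file permission case mentioned above.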


References

https://cocomelonc.github.io/tutorial/2022/05/09/malware-pers-4.html
