praetorian-inc / purple-team-attack-automation

Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs

T1182 - AppCert DLLs

daniel-infosec opened this issue

https://b3n7s.github.io/2018/10/27/AppCert-Dlls.html

  1. Create DLL (reference above code)
  2. Upload DLL
  3. Create registry key
  4. Create value/data pair
  5. Create a process
  6. Confirm persistence is triggered
  7. Cleanup