security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add persistance via Recycle bin (#1809)

Browse Source 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
frack113
2022-03-14 18:41:04 +01:00
committed by GitHub
parent 042bd99bdd
commit d3a53714b4
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1547.001/T1547.001.yaml
+11
View File
@@ -139,3 +139,14 @@ atomic_tests:
cleanup_command: Remove-Item "$home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calc_exe.lnk" -ErrorAction Ignore
name: powershell
elevation_required: true
- name: Add persistance via Recycle bin
description: |
Add a persistance via Recycle bin [vxunderground](https://github.com/vxunderground/VXUG-Papers/blob/main/The%20Persistence%20Series/Persistence%20via%20Recycle%20Bin/Persistence_via_Recycle_Bin.pdf)
User have to clic on the recycle bin to lauch the payload (here calc)
supported_platforms:
- windows
executor:
command: reg ADD "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\open\command" /ve /d "calc.exe" /f
cleanup_command: reg DELETE "HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\open" /f
name: command_prompt