security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2021-06-17 13:08:27 +00:00
parent 358d58bad5
commit e7e5779025
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+4 -2
View File
@@ -9349,7 +9349,8 @@ privilege-escalation:
computer starts up various applications and may in fact drive you crazy. A
reliable way to make the message box appear and verify the \nAppInit Dlls
are loading is to start the notepad application. Be sure to run the cleanup
commands afterwards so you don't keep getting message boxes showing up\n"
commands afterwards so you don't keep getting message boxes showing up.\n\nNote:
If secure boot is enabled, this technique will not work. https://docs.microsoft.com/en-us/windows/win32/dlls/secure-boot-and-appinit-dlls\n"
supported_platforms:
- windows
input_arguments:
@@ -37163,7 +37164,8 @@ persistence:
computer starts up various applications and may in fact drive you crazy. A
reliable way to make the message box appear and verify the \nAppInit Dlls
are loading is to start the notepad application. Be sure to run the cleanup
commands afterwards so you don't keep getting message boxes showing up\n"
commands afterwards so you don't keep getting message boxes showing up.\n\nNote:
If secure boot is enabled, this technique will not work. https://docs.microsoft.com/en-us/windows/win32/dlls/secure-boot-and-appinit-dlls\n"
supported_platforms:
- windows
input_arguments:
atomics/T1546.010/T1546.010.md
+3 -1
View File
@@ -17,7 +17,9 @@ The AppInit DLL functionality is disabled in Windows 8 and later versions when s
AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user mode process on the system. Upon succesfully execution,
you will see the message "The operation completed successfully." Each time the DLL is loaded, you will see a message box with a message of "Install AppInit Shim DLL was called!" appear.
This will happen regularly as your computer starts up various applications and may in fact drive you crazy. A reliable way to make the message box appear and verify the
AppInit Dlls are loading is to start the notepad application. Be sure to run the cleanup commands afterwards so you don't keep getting message boxes showing up
AppInit Dlls are loading is to start the notepad application. Be sure to run the cleanup commands afterwards so you don't keep getting message boxes showing up.
Note: If secure boot is enabled, this technique will not work. https://docs.microsoft.com/en-us/windows/win32/dlls/secure-boot-and-appinit-dlls
**Supported Platforms:** Windows