From 3f1dfebd226aeaf701b81cb00713d35ef9090ead Mon Sep 17 00:00:00 2001 From: Vincent Yiu Date: Sat, 2 Jun 2018 00:02:49 +0100 Subject: [PATCH 1/2] Update Shell32.md --- OSLibraries/Shell32.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/OSLibraries/Shell32.md b/OSLibraries/Shell32.md index 14e8fd4..ee72cf2 100644 --- a/OSLibraries/Shell32.md +++ b/OSLibraries/Shell32.md @@ -6,10 +6,17 @@ rundll32.exe shell32.dll,Control_RunDLL payload.dll rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe + +rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe + +rundll32.exe shell32.dll,ShellExec_RunDLLW beacon.exe + +rundll32.exe shell32.dll,ShellExecuteEx beacon.exe ``` Acknowledgements: * Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL) +* Vincent Yiu - @vysecurity (ShellExec_RunDLLA, ShellExec_RunDLLW, ShellExecuteEx) Code sample: * From ccf9956b036473a1aa0fd66c3b6050a42f0a2628 Mon Sep 17 00:00:00 2001 From: Vincent Yiu Date: Sat, 2 Jun 2018 08:09:49 +0100 Subject: [PATCH 2/2] Update Shell32.md Forgot to false positive check :s --- OSLibraries/Shell32.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/OSLibraries/Shell32.md b/OSLibraries/Shell32.md index ee72cf2..920cfa2 100644 --- a/OSLibraries/Shell32.md +++ b/OSLibraries/Shell32.md @@ -8,15 +8,11 @@ rundll32.exe shell32.dll,Control_RunDLL payload.dll rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe - -rundll32.exe shell32.dll,ShellExec_RunDLLW beacon.exe - -rundll32.exe shell32.dll,ShellExecuteEx beacon.exe ``` Acknowledgements: * Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL) -* Vincent Yiu - @vysecurity (ShellExec_RunDLLA, ShellExec_RunDLLW, ShellExecuteEx) +* Vincent Yiu - @vysecurity (ShellExec_RunDLLA) Code sample: *
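Review bot: In PATCH 1/2, the three lines added to the code block (ShellExec_RunDLLA, ShellExec_RunDLLW, ShellExecuteEx) carry no statement of what was tested or observed, and PATCH 2/2 removes two of them again with the message "Forgot to false positive check". Suggest squashing the series into one patch that adds only the verified ShellExec_RunDLLA line and its acknowledgement, so that anyone reading this file's history to build detections does not pick up the unverified entries. The subject "Update Shell32.md" should also name the export being added.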
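Review bot: In PATCH 2/2, the commit message "Forgot to false positive check :s" does not say which entries failed the check or how the check was done. The hunk shows ShellExec_RunDLLW and ShellExecuteEx removed from both the code block and the acknowledgement line while ShellExec_RunDLLA stays. Suggest a message that names the two removed exports, confirms that ShellExec_RunDLLA went through the same check, and records the Windows version used, since the subject line is identical to PATCH 1/2 and gives a reader nothing to tell the two commits apart.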