Added psr.exe, added function Surveillance

2018-04-25 08:46:35 +02:00 · 2018-04-25 08:46:35 +02:00 · c3c54520e6
parent f3e2157dd6
commit c3c54520e6
3 changed files with 32 additions and 1 deletions
--- a/Contribute.md
+++ b/Contribute.md
@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you.

 ## Binary.exe

-* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials
+* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials, Surveillance

 ```
 Example
--- a/LOLBins.md
+++ b/LOLBins.md
@ -37,6 +37,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 [Powershell.exe](OSBinaries/Powershell.md)     
 [Presentationhost.exe](OSBinaries/Presentationhost.md)     
 [Print.exe](OSBinaries/Print.md)     
+[Psr.exe](OSBinaries/Psr.md)     
 [Qprocess.exe](OSBinaries/Qprocess.md)     
 [Reg.exe](OSBinaries/Reg.md)    
 [Regedit.exe](OSBinaries/Regedit.md)    
--- a/OSBinaries/Psr.md
+++ b/OSBinaries/Psr.md
@ -0,0 +1,30 @@
+## Psr.exe
+
+* Functions: Surveillance
+
+```
+psr.exe /start /gui 0 /output c:\users\user\out.zip    
+
+psr.exe /stop    
+```
+
+Acknowledgements:
+* 
+
+Code sample:
+* 
+
+Resources:
+* https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
+
+Full path:
+```
+C:\Windows\System32\Psr.exe
+C:\Windows\SysWOW64\Psr.exe
+```
+
+Notes:
+It does not log keystrokes. Only screenshots when something is clicked.
+
+
+