Added psr.exe, added function Surveillance

master
Oddvar Moe 2018-04-25 08:46:35 +02:00
parent f3e2157dd6
commit c3c54520e6
3 changed files with 32 additions and 1 deletions


@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you.
## Binary.exe ## Binary.exe
* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials * Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search, Compile, Credentials, Surveillance
``` ```
Example Example
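Review bot: the new `Surveillance` value on the `* Functions:` line of the template has no definition in the visible lines, so contributors have nothing to check a binary against before tagging it. Add a one-line description next to the list, for example that it covers binaries that record user activity such as the click-triggered screenshots described in the Psr.md notes, so the category is applied consistently.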


@ -37,6 +37,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
[Powershell.exe](OSBinaries/Powershell.md) [Powershell.exe](OSBinaries/Powershell.md)
[Presentationhost.exe](OSBinaries/Presentationhost.md) [Presentationhost.exe](OSBinaries/Presentationhost.md)
[Print.exe](OSBinaries/Print.md) [Print.exe](OSBinaries/Print.md)
[Psr.exe](OSBinaries/Psr.md)
[Qprocess.exe](OSBinaries/Qprocess.md) [Qprocess.exe](OSBinaries/Qprocess.md)
[Reg.exe](OSBinaries/Reg.md) [Reg.exe](OSBinaries/Reg.md)
[Regedit.exe](OSBinaries/Regedit.md) [Regedit.exe](OSBinaries/Regedit.md)

OSBinaries/Psr.md Normal file

@ -0,0 +1,30 @@
## Psr.exe
* Functions: Surveillance
```
psr.exe /start /gui 0 /output c:\users\user\out.zip
psr.exe /stop
```
Acknowledgements:
*
Code sample:
*
Resources:
* https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
Full path:
```
C:\Windows\System32\Psr.exe
C:\Windows\SysWOW64\Psr.exe
```
Notes:
It does not log keystrokes. Only screenshots when something is clicked.
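Review bot: the example block under `* Functions: Surveillance` lists `psr.exe /start /gui 0 /output c:\users\user\out.zip` and `psr.exe /stop` with no description, so a reader cannot tell what `/gui 0` and `/output` do or that the two lines are a start/stop pair. Add a short description per command so defenders know which command-line arguments to look for in process-creation logs. The `Acknowledgements:` and `Code sample:` sections are committed as empty `*` bullets; fill them in or drop the bullets. The second sentence of the Notes is a fragment; something like "It only takes a screenshot when something is clicked" reads more clearly.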