-
Notifications
You must be signed in to change notification settings - Fork 47
Changelog
Grimmie edited this page Oct 10, 2022
·
7 revisions
Initial Release
Tradecraft Modules
- RegList - lists registry contents
- Timestomp - modifies file and directory timestamps
Persist Methods
- OverrideTasks - deploys MSBuild Override task based persistence based on a payload specified
- GenericRegAdd - adds an arbitrary registry key
- RunKeys - deploys a registry run key
Payload Module
- PopCalc - PoC payload to test persistence, pops calc (C#)
- HelloWorld - runs a hello world script (C#)
Tradecraft Modules
- SvcList - Lists services
- SchList - Lists scheduled tasks
- ProcList - lists running processes
- IpConfig - lists network interfaces
- WMIQuery - runs arbitrary WMI queries
- CredCheck - attempts to validate domain credentials
Persist Methods
- registerEventFilter - registers WMI event filter
- registerActiveScriptEventConsumer - registers WMI ActiveScriptEventConsumer
- registerCommandLineEventConsumer - registers WMI CommandLineEventConsumer
- registerIntervalTimerInstruction - registers WMI IntervalTimerInstruction
- registerFilterToConsumerBinding - registers WMI FilterToConsumerBinding