Tuesday, June 14, 2022

Persistence By Writing/Reading Shellcode From Event Log




Persistence by writing/reading shellcode from the Event Log.

Usage

The SharpEventPersist tool takes 4 case-sensitive parameters:

The shellcode is converted to hex and written to the “Key Management Service” log; the event level is set to “Information” and the source is “Persistence”.
Run the SharpEventLoader tool to fetch the shellcode from the event log and execute it. Ideally this should be converted to a DLL and sideloaded on program start/boot.
Remember to change the Event Log name and instanceId in the loader if you are not using the default values.

Default values will leave the following artifacts:

  • A new key will be written to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service named “Persistance”.
  • This new “Persistance” key will not have a provider GUID or TypesSupported, which the default key “KmsRequests” has. This can be used to build detections.
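
One way to turn that registry artifact into a check, as an added example that is not part of SharpEventPersist or the original post: it lists event sources registered under a log's key that lack the values the default “KmsRequests” key carries. The function name is hypothetical, and the registry value name ProviderGuid is assumed to be what the text calls the provider GUID.

```powershell
# Added example (not from the tool's repository). Find-BareEventSource is a
# hypothetical name; 'ProviderGuid' is the assumed registry value name for the
# "provider GUID" mentioned in the text.
function Find-BareEventSource {
    param(
        # Log to inspect; change it if a non-default log name is suspected.
        [string]$LogName = 'Key Management Service',
        # Values the default "KmsRequests" source key is described as having.
        [string[]]$ExpectedValues = @('ProviderGuid', 'TypesSupported')
    )

    $logKey = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"
    if (-not (Test-Path -LiteralPath $logKey)) {
        Write-Warning "Log key not found: $logKey"
        return
    }

    # Each subkey of the log key is one registered event source.
    Get-ChildItem -LiteralPath $logKey | ForEach-Object {
        $present = @($_.GetValueNames())
        $missing = @($ExpectedValues | Where-Object { $present -notcontains $_ })

        if ($missing.Count -gt 0) {
            [pscustomobject]@{
                Log           = $LogName
                Source        = $_.PSChildName
                MissingValues = $missing -join ', '
                PresentValues = $present -join ', '
            }
        }
    }
}

# Report sources under the default log that do not look like KmsRequests.
Find-BareEventSource | Format-Table -AutoSize
```

A hit is a lead for triage rather than proof, since the comparison is only against the shape of the default “KmsRequests” key.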


