LOLBAS

https://github.com/bohops/UltimateWDACBypassList

https://github.com/mandiant/DueDLLigence

msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE

XML format for: msdt.exe -path C:\WINDOWS\diagnostics\index\PCWDiagnostic.xml -af C:\PCW8E57.xml /skip TRUE

Home Grown Red Team: Using LNK Files To Bypass Applocker

The Windows LNK file is just one of the many ways to get easy execution while bypassing AppLocker and some AV. While this isn't a new concept, it does present a lot of opportunity and is still a favorite method of initial access for APTs around the world.

https://github.com/kapellos/LNKSmuggler

A Python script for creating .lnk (shortcut) files with embedded encoded data and packaging them into ZIP archives. The resulting LNK file extracts the embedded files and executes the first file provided (so it can be used with the AppDomainManager technique), effectively bypassing MOTW and removing the need to download files over the Internet. Before the embedded file is executed, the LNK opens a decoy URL for the user.

https://github.com/Maldev-Academy/ExecutePeFromPngViaLNK