Created
April 18, 2021 00:45
-
-
Save xenoscr/af621fac628ab5c7b2d8d61f31c415a2 to your computer and use it in GitHub Desktop.
SquiblyTest - Test Several Dimensions of EDR -
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
| //Child Process + Command Line | |
| var r = new ActiveXObject("WScript.Shell").Run("cmd.exe /k title BADC0FFEE"); | |
| // Registry Add, Modify, Delete | |
| var regtest = new ActiveXObject("WScript.Shell") | |
| regtest.RegWrite("HKCU\\TestKey\\", "BADC0FFEE"); | |
| //regtest.RegDelete("HKCU\TestKey\"); | |
| // File Create, Modify, Delete | |
| //Implicit with download. | |
| ]]> | |
| </script> | |
| </registration> | |
| </scriptlet> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment