bohops

Results 12 comments of bohops

Hello, have you tried crafting an MSI package payload (e.g. C:\path\to\poc.msi)? If so, does that work?

I cannot locate this lolbin either. It could very well be in an older version of VS. If it cannot be found, it may be worth removing from LOLBAS.

We are going to add a new function called 'tamper' for this use case. Additionally, fsutil can be used to delete the usn journal volume to hide file creation activity...

I believe I saw this one on Twitter. Can you submit a PR? https://github.com/LOLBAS-Project/LOLBAS/blob/master/CONTRIBUTING.md

[sprint.xlsx](https://github.com/LOLBAS-Project/LOLBAS/files/8600542/sprint.xlsx) @wietze this is excellent work! Attached are some comments for the Sprint. I reviewed as many as I could with a bias toward some of the ones I am more...

From time to time, Microsoft does service UAC bypasses (although it is not a part of the OS "security boundary"). It may still work on older versions of Windows.

Explore "uninstall security software" use case for msiexec.exe

Thank you for submitting. We apologize for the delay as we get through the backlog. For this technique, could you please be more specific about the execution of the "dropper...

Closing this for now without the additional context. Please feel free to re-open with additional information. Thank you.

@josehelps This is a great PR. Let me know what I can do to help get this verified and added