JACpeeker
Results: 2 issues of JACpeeker
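Running under SYSTEM integrity up to CreateProcess, the process queries the registry at HKLM\System\CurrentControlSet\Services\bam\state ..... If it cannot find a key named after the target file name, it exits; if it does find one, it still has to go on looking up the other keys and values inside it. It feels like security has improved a lot, and as I see it I can't get this one to work.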
rundll32 JS code will get killed by many sponsors, and it comes out the same when using mshta to execute remote JS code, but it'll do when the payload lands on local disk, use mshta...