In particular, I highlighted that Setupapi.dll (InstallHinfSection) could be used for such invocation, but I deviated from the spirit of their presentation by failing to mention their discovery of InfDefaultInstall. In their DerbyCon 2017 talk – Evading AutoRuns, and of presented several INF-SCT techniques. Revisiting Setupapi.dll (InstallHinfSection) and Advpack.dll (LaunchINFSection) Setupapi.dll (InstallHinfSection) – InfDefaultInstall.exe If you have not already done so, I’d highly recommend reviewing Part 1 before proceeding as we will revisit a few prior topics before presenting these INF-SCT methods: Additionally, a few other “fetch and execute” techniques were highlighted for situational awareness, and several defensive considerations were presented. Default AppLocker policies), deter host-based security products, and achieve ‘hidden’ persistence. In general, instances of these methods could potentially be abused to bypass application whitelisting (AWL) policies (e.g. On the first screen, select “Create new Self-Extraction Directive file” and click Next. Two weeks ago, I blogged about several “pass-thru” techniques that leveraged the use of INF files (‘.inf’) to “fetch and execute” remote script component files (‘.sct’). In Windows (from XP up to Windows 10), open the “Run” menu and type “iexpress”. The problem with Microsoft is that it loves to hide these useful nifty tools from the public, so it is unsurprising to see that few people have heard of this tool. Windows comes with this built-in tool – iexpress.exe that allows you to create a self-extracting installer.
Unless you are expecting to receive a self-extracting archive from a trusted source, do not open any self-extracting archive, particularly those you downloaded from some shabby websites. Creating self-extracting archive in Windows Self-extracting archive can impose a risk if you are not sure of the content within. If you are planning to send the self-extracting archive to your friend, make sure you are using the same OS platform as him/her. Even in Linux, the archive might not be compatible with each distro. You can’t create a self-extracting archive in Windows and expect it to work in Linux. While you can create a self-extracting archive in Windows and Linux, the created archive is not cross-platform compatible.