"calc.exe: obviously no luck there, but the error is interesting: “Could not load file or assembly ‘file:///C:\Windows\System32\calc.exe’ …”. It looks like it tried to load/call calc.exe. Using a .NET decompiler we can see what is going on. Sure enough it is…"
"use the ProviderServiceBase class, which provides a generic Windows service host environment to host ProviderHost objects. This is all included with the Windows Server 2012 Essentials SDK. Seems like someone could create a pass-through service using the SDK that uses the signed …"
Summary
Recently, my co-founders gave a talk at DerbyCon 7.0 on evading common persistence enumeration tools. Evasion using trusted applications has been a hot topic of discussion within the infosec community and is one of the techniques they covered in their presentation. However, very little discussion exists on why these matter or the steps researchers take to find “hosting” applications.