Payload Guardrails

Secondary Categories: 02-Command and Control, 02-Malware

Environmental Keying

When your payload lands on a victims system its important develop your implants/payloads to perform some checks to ensure they are in the right environment. Some things we can check:

Check if connected to domain
Check if being debugged
Check System Cores or Memory
Check Keyboard language
Check date time
Check for mouse movement
Check for window resizing

User Profiling

When you are developing a payload you can also perform check based on the user profile before the payload is executed.

Only execute during work hours
Only execute before XYZ date
Check for specific installed software for their position
Check Most Recently used files (MRUs)
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU
- %AppData%\Microsoft\Windows\Recent
Check RDP History
- HKCU\Software\Microsoft\Terminal Server Client\Servers
- HKCU\Software\Microsoft\Terminal Server Client\Default
- HKCU\Software\Microsoft\Terminal Server Client\UsernameHint

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Payload Guardrails

Environmental Keying

User Profiling

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer