Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@sbousseaden
sbousseaden authored May 22, 2019
1 parent 4f4ca9e commit 0313053
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Can be useful for:
13. Execute sct stuff using regsvr32\scrobj.dll from pastebin (both ms binaries renamed and normal ones captured) -> exec_sysmon_1_lolbin_renamed_regsvr32_scrobj.evtx & exec_sysmon_lobin_regsvr32_sct.evtx
12. AMSI bypass via jscript9.dll (not instrumented by AMSI) -> exec_sysmon_1_7_jscript9_defense_evasion.evtx
13. rundll32 (mshtml,RunHTMLApplication)-> mshta -> schtasks.exe -> exec_persist_rundll32_mshta_scheduledtask_sysmon_1_3_11.evtx
14. Exec via Drive-by "Adobe Flash CVE-2018-15982" -> exec_driveby_cve-2018-15982_sysmon_1_10.evtx
14. Exec via Drive-by "Adobe Flash CVE-2018-15982" -> exec_driveby_cve-2018-15982_sysmon_1_10.evtx (SrcImg=iexplorer.exe and CallTrace contains "UNKNOWN")


## Reconnaissance:
Expand Down

0 comments on commit 0313053

Please sign in to comment.