bohops Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence

Pricing: Free
What is bohops Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence

Detect capabilities in executable files and identify potential behaviors.

Exploring INF-SCT Fetch & Execute Techniques for Bypass, Evasion, and Persistence

In recent weeks, I have conducted research and testing on several intriguing namespaces and methods that are documented across various Microsoft and MSDN sources. These methods pertain to the execution of different COM scripts and scriptlets, such as VBScript and JScript. My main focus was to investigate potential new methods for invoking remote scripts, specifically ActiveX Objects. This exploration builds upon the excellent research that has already been conducted and documented by @subTee, @Oddvarmoe, @ItsReallyNick, @KyleHanslovan, @ChrisBisnett, and @NickTyrer.

Exploring Notable Findings in Remote Launch Methods

We discovered several intriguing findings, but the most significant was the identification of LaunchINFSection, a 'new' method for remotely launching staged SCT files that are configured within INF files. In this post, we will explore various known methods for launching INF-SCT files, introduce LaunchINFSection, and examine its use cases along with defensive considerations. Furthermore, we will reference additional techniques for executing remote scripts and scriptlets.

INF-SCT Launch Methods

There are several methods available for launching script component files ('.sct') through INF configuration files. These include InstallHinfSection (setupapi.dll), CMSTP, and LaunchINFSection (advpack.dll). Let's take a closer look…

Malicious INF-SCT Usage with Infected INF Files

