module
WMI Event Subscription Interval Persistence
| Disclosed |
|---|
| Jun 6, 2017 |
Disclosed
Jun 6, 2017
Description
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter
that triggers the payload after the specified CALLBACK_INTERVAL.
If the persistence is not installed, it will keep triggering payloads to spawn.
Additionally a custom command can be specified to run once the trigger is
activated using the advanced option CustomPsCommand. This module requires administrator level privileges as well as a
high integrity process. It is also recommended to use staged payloads due to powershell script length limitations.
that triggers the payload after the specified CALLBACK_INTERVAL.
If the persistence is not installed, it will keep triggering payloads to spawn.
Additionally a custom command can be specified to run once the trigger is
activated using the advanced option CustomPsCommand. This module requires administrator level privileges as well as a
high integrity process. It is also recommended to use staged payloads due to powershell script length limitations.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.