https://github.com/mauricelambert/system32renamebackdoor

This repository implements a check on System32 executable files to detect backdoor by renamed file
https://github.com/mauricelambert/system32renamebackdoor

backdoor blue-team cmd detection forensics incident-response investigation soc

Last synced: 3 months ago
JSON representation

This repository implements a check on System32 executable files to detect backdoor by renamed file

• Host: GitHub
• URL: https://github.com/mauricelambert/system32renamebackdoor
• Owner: mauricelambert
• License: gpl-3.0
• Created: 2023-10-19T21:36:43.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-02-02T15:40:43.000Z (4 months ago)
• Last Synced: 2025-02-02T16:26:35.911Z (4 months ago)
• Topics: backdoor, blue-team, cmd, detection, forensics, incident-response, investigation, soc
• Language: PowerShell
• Homepage:
• Size: 39.1 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

        
![System32RenameBackdoor Logo](https://mauricelambert.github.io/info/CSharp/security/System32RenameBackdoor_small.png "System32RenameBackdoor logo")

# System32RenameBackdoor

## Description

This repository implements a check on System32 executable files to detect backdoor by renamed file.

## Requirements

1. To run the self-contained Windows executable:

     - No requirements

2. To compile:

     - Dotnet

3. To run the dotnet Windows executable:

     - Dotnet framework version 7

4. To run the powershell script:

     - Powershell version 5

## Compilation

### Git

```bash

git clone "https://github.com/mauricelambert/System32RenameBackdoor.git"

cd "System32RenameBackdoor"

dotnet build -c Release

```

### Wget

```bash

wget https://github.com/mauricelambert/System32RenameBackdoor/archive/refs/heads/main.zip

unzip main.zip

cd System32RenameBackdoor-main

dotnet build -c Release

```

### cURL

```bash

curl -O https://github.com/mauricelambert/System32RenameBackdoor/archive/refs/heads/main.zip

unzip main.zip

dotnet build -c Release

```

## Usages

### Command line

```bash

BackdoorCheck.exe                  # self-contained Windows executable

powershell .\BackdoorCheck.ps1     # Powershell script

BackdoorCheck\BackdoorCheck.exe    # .NET Windows executable

```

## Links

 - [Github](https://github.com/mauricelambert/System32RenameBackdoor)

 - [Windows executable](https://github.com/mauricelambert/System32RenameBackdoor/releases/latest)

## License

Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).