Abuse EQNEDT32.EXE CVE-2017-11882

Overview of CVE-2017-11882

CVE-2017-11882 affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. The vulnerability exists in the old Equation […]

Abuse SilentCleanup Task

Overview of Abuse SilentCleanup Task

There’s a task in Windows Task Scheduler called “SilentCleanup” which, while it’s executed as Users, automatically runs with elevated privileges. When it runs, it executes the file “%windir%\system32\cleanmgr.exe”. Since it runs as Users, and it’s possible to control user’s […]

PowerSploit PsExec for PowerShell

Overview of PowerSploit PsExec

The PowerSploit PowerShell script (Invoke-PsExec.ps1) from Empire is a function (cmdlet) that lets you execute PowerShell and batch/cmd.exe code asynchronously on target Windows computers, using PsExec.exe.

References

https://github.com/EmpireProject/Empire/blob/master/data/module_source/lateral_movement/Invoke-PsExec.ps1