Simple Trick For Red Teams

If you have an unsigned binary that requires administrator privileges, the following UAC window appears when the target runs it:


The window's header is yellow, which means the binary is not signed; in this example the publisher is also unknown.

There is a way to request administrator privileges in a more convincing manner: execute cmd.exe with elevated privileges and run your binary from that cmd.exe process.


With this approach the window is blue (the binary is signed) and the publisher is Microsoft, so the target is more likely to approve the request:
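The same behaviour is what a defender would hunt for: the process the user consented to (cmd.exe) is not the one that ends up running elevated. The following is an added detection example written for this page, not code from the original post; it scans constructed Sysmon Event ID 1 (process creation) records for High-integrity processes spawned by an elevated cmd.exe from outside trusted directories. The field names follow Sysmon's process-creation event, but the flat `key=value;` log format, the paths, PIDs and the trusted-directory list are assumptions made for the example.

```python
import ntpath

# Constructed Sysmon Event ID 1 (process creation) records in a flat
# "key=value" form separated by ';', as a log forwarder might emit them.
# These are sample records written for this example, not real telemetry.
SAMPLE_LOG = """\
ProcessId=4321;Image=C:\\Windows\\System32\\cmd.exe;IntegrityLevel=High;Company=Microsoft Corporation;ParentProcessId=1200;ParentImage=C:\\Windows\\explorer.exe
ProcessId=5001;Image=C:\\Users\\alice\\Downloads\\tool.exe;IntegrityLevel=High;Company=;ParentProcessId=4321;ParentImage=C:\\Windows\\System32\\cmd.exe
ProcessId=5002;Image=C:\\Windows\\System32\\ipconfig.exe;IntegrityLevel=High;Company=Microsoft Corporation;ParentProcessId=4321;ParentImage=C:\\Windows\\System32\\cmd.exe
ProcessId=5003;Image=C:\\Users\\alice\\Downloads\\setup.exe;IntegrityLevel=High;Company=;ParentProcessId=1200;ParentImage=C:\\Windows\\explorer.exe
ProcessId=5004;Image=C:\\Users\\alice\\Downloads\\notes.exe;IntegrityLevel=Medium;Company=;ParentProcessId=7000;ParentImage=C:\\Windows\\System32\\cmd.exe
"""

# Assumed list of directories where an elevated child is expected; tune per environment.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_line(line):
    """Split one 'k=v;k=v' record into a dict (empty values are kept)."""
    return dict(field.split("=", 1) for field in line.strip().split(";") if "=" in field)


def find_elevated_cmd_children(log_text):
    """Return Image paths of High-integrity processes launched from an elevated cmd.exe
    that are neither Microsoft-published nor located under a trusted directory."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        if e.get("IntegrityLevel") != "High":
            continue  # child is not elevated, so no UAC consent was reused
        if ntpath.basename(e.get("ParentImage", "")).lower() != "cmd.exe":
            continue  # only interested in children of a command shell
        parent = by_pid.get(e.get("ParentProcessId"))
        if parent is not None and parent.get("IntegrityLevel") != "High":
            continue  # parent shell itself was not elevated
        image = e.get("Image", "")
        if image.lower().startswith(TRUSTED_PREFIXES):
            continue  # system tools run from an admin shell are routine
        if e.get("Company", "").lower().startswith("microsoft"):
            continue  # publisher metadata claims Microsoft; verify signature separately
        hits.append(image)
    return hits


if __name__ == "__main__":
    for image in find_elevated_cmd_children(SAMPLE_LOG):
        print("elevated non-Microsoft child of cmd.exe:", image)
```

The `Company` field is file metadata, not a signature check, so treat a hit as a lead to confirm against Authenticode status rather than a verdict.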


