Iron Castle Systems

Search

Skip to content

VMware
AWS
Powershell
Security
Projects
Misc.
Client Access
About

Search for:

RAT Delivered Through FODHelper , (Thu, Sep 22nd)

September 22, 2022 David Leave a comment

This post was originally published on this site

I found a simple batch file that drops a Remcos[1] RAT through an old UAC Bypass technique. This technique is based on the "fodhelper" utility ("Features On Demand Helper"). Once launched, this tool will search for specific registry keys and, if present, will execute their content with high privileges.

Post navigation

Previous PostPhishing Campaigns Use Free Online Resources, (Wed, Sep 21st)Next PostAA22-265A: Control System Defense: Know the Opponent

Leave a Reply Cancel reply

You must be logged in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

VMware

Licensing Activation for Vsphere Essentials support loop? March 20, 2023
Windows 11 on ESXI free license March 20, 2023
Vcenter server Hardware compatibility March 20, 2023
Risk of disabling VBS March 20, 2023
APC UPS with Esxi March 20, 2023

SANS Security

From Phishing Kit To Telegram... or Not!, (Mon, Mar 20th) March 20, 2023
ISC Stormcast For Monday, March 20th, 2023 https://isc.sans.edu/podcastdetail.html?id=8416, (Mon, Mar 20th) March 20, 2023
Old Backdoor, New Obfuscation, (Sat, Mar 18th) March 18, 2023
ISC Stormcast For Friday, March 17th, 2023 https://isc.sans.edu/podcastdetail.html?id=8414, (Fri, Mar 17th) March 17, 2023
Simple Shellcode Dissection, (Thu, Mar 16th) March 16, 2023

AWS

AWS Chatbot Now Integrates With Microsoft Teams March 16, 2023
Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support March 15, 2023
Celebrate Amazon S3’s 17th birthday at AWS Pi Day 2023 March 14, 2023
New – Use Amazon S3 Object Lambda with Amazon CloudFront to Tailor Content for End Users March 14, 2023
AWS Week in Review – March 13, 2023 March 14, 2023

Microsoft

Breaking new ground in healthcare with the next evolution of AI March 20, 2023
Prompts for communicators using the new AI-powered Bing March 16, 2023
Introducing Microsoft 365 Copilot – your copilot for work March 16, 2023
Introducing Microsoft Dynamics 365 Copilot, the world’s first copilot in both CRM and ERP, that brings next-generation AI to every line of business March 6, 2023
From gatekeeper to innovator: How finance teams are using technology to drive strategic innovation February 28, 2023

Iron Castle Systems

Tag Cloud

AWS
Microsoft
Powershell
SANS
Security
Virtualization
VMware

Recent Posts

From Phishing Kit To Telegram… or Not!, (Mon, Mar 20th) March 20, 2023
Old Backdoor, New Obfuscation, (Sat, Mar 18th) March 18, 2023
AWS Chatbot Now Integrates With Microsoft Teams March 16, 2023
Simple Shellcode Dissection, (Thu, Mar 16th) March 16, 2023
Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support March 15, 2023

Archives

Iron Castle System info@ironcastle.net Proudly powered by WordPress Theme - twentyfourteen

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage vendors Read more about these purposes

View preferences

{title} {title} {title}