Benefits of Using APIs
Calling the Windows API (WinAPI) directly is generally better than running commands to execute code or gather information. The advantages of using APIs are:
Bypass command-line logging (Defender may look specifically at LOLBins)
Make our activity harder to distinguish from regular applications
May offer additional functionality or be needed for compatibility reasons
Here are some code snippets that use APIs for persistence:
Service Creation
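#include <windows.h>

int main(void) {
    /* Open the Service Control Manager database on the local machine. */
    SC_HANDLE hManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hManager == NULL) return 1;

    /* The ANSI (A) variant is used because the string arguments are narrow literals. */
    SC_HANDLE service = CreateServiceA(
        hManager,
        "ServiceName",
        "Display Name",
        GENERIC_READ | GENERIC_EXECUTE,
        SERVICE_WIN32_OWN_PROCESS,
        SERVICE_AUTO_START,
        SERVICE_ERROR_IGNORE,
        "C:\\Windows\\System32\\cmd.exe",
        NULL, NULL, NULL, NULL, NULL
    );
    int rc = (service != NULL) ? 0 : 1;   /* NULL means the call failed; see GetLastError() */
    if (service != NULL) CloseServiceHandle(service);
    CloseServiceHandle(hManager);
    return rc;
}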
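What the CreateService call above leaves behind for a defender, as an added example that is not part of the original page: the Service Control Manager records System event 7045 for a newly installed service whether it was created with sc.exe or through the API, so command-line logging is not the only signal. The Python code below triages 7045 event XML; the sample events, the helper names and the heuristic lists are constructed for illustration and are assumptions to tune per environment.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Heuristic lists are assumptions for this example, not a complete rule set.
SHELLS = {"cmd.exe", "powershell.exe", "rundll32.exe", "mshta.exe"}
WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

def make_event(name, image, start):
    """Build a constructed (not captured) 7045 record for testing the triage logic."""
    return f'''<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Service Control Manager"/><EventID Qualifiers="16384">7045</EventID></System>
<EventData><Data Name="ServiceName">{name}</Data><Data Name="ImagePath">{image}</Data>
<Data Name="ServiceType">user mode service</Data><Data Name="StartType">{start}</Data>
<Data Name="AccountName">LocalSystem</Data></EventData></Event>'''

def parse_7045(xml_text):
    """Return the EventData fields of a 7045 record, or None for any other event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7045":
        return None
    return {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}

def image_binary(image_path):
    """Extract the executable from an ImagePath that may be quoted and carry arguments."""
    p = image_path.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0].lower()
    return p.split(" ", 1)[0].lower()  # unquoted paths containing spaces are ambiguous

def triage(xml_text):
    """Return the list of reasons a service-install event deserves a closer look."""
    fields = parse_7045(xml_text)
    if fields is None:
        return []
    exe = image_binary(fields.get("ImagePath", ""))
    reasons = []
    if ntpath.basename(exe) in SHELLS:
        reasons.append("interpreter-as-service")
    if exe.startswith(WRITABLE_DIRS):
        reasons.append("user-writable-path")
    if reasons and fields.get("StartType", "").lower() == "auto start":
        reasons.append("auto-start")
    return reasons

if __name__ == "__main__":
    print(triage(make_event("ServiceName", "C:\\Windows\\System32\\cmd.exe", "auto start")))
```
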