The Red Team Vade Mecum
Search…
The Red Team Vade Mecum
The Red Team Vade Mecum
Techniques
Defense Evasion
Binary Properties and Code Signing
ATA/ATP
Tips and Tricks
Basics
Disabling/Patching Telemetry
Minimization
Commands to Avoid
Pivoting
Benefits of Using APIs
Thread-less Payload Execution
DLL Hollowing
Misdirection
Hiding our Payloads
IPC For Evasion and Control
Privilege Escalation
Enumeration
Execution
Initial Access
Lateral Movement
Code Injection
Persistence
Infrastructure
SQL
Other
Windows Internals
Powered By GitBook
Benefits of Using APIs
WinApis are generally better than using commands to execute code or to gather info. The Pros of using APIs are:
  1. 1.
    Bypass command line logging(Defender may look specifically at LOLBins)
  2. 2.
    Confuse our activity with regular applications
  3. 3.
    May have additional functionality or for compatibility reasons
Here are some code snippets of using APIs for persistence:

Service Creation

SC_HANDLE hManager = OpenSCManager( NULL, NULL, SC_MANAGER_ALL_ACCESS );
SC_HANDLE service = CreateService(
hManager,
"ServiceName",
"Display Name",
GENERIC_READ | GENERIC_EXECUTE,
SERVICE_WIN32_OWN_PROCESS,
SERVICE_AUTO_START,
SERVICE_ERROR_IGNORE,
"C:\\Windows\\System32\\cmd.exe",
NULL, NULL, NULL, NULL, NULL
);
​
Previous
Pivoting
Next
Thread-less Payload Execution
Last modified 1yr ago
Copy link