UPDATE BOOKMARKS - PROJECT MOVED TO A DEDICATED PROJECT SITE. THIS SITE WILL NOT BE UPDATED ANYMORE, BUT WILL BE KEPT FOR HISTORICAL REASONS.
New site: https://github.com/LOLBAS-Project/LOLBAS Web portal: https://lolbas-project.github.io/
- Functions: Execute
ATBroker.exe /start malware
Acknowledgements:
- Adam - @hexacorn
Code sample:
- Missing
Resources:
Full path:
C:\Windows\System32\Atbroker.exe
C:\Windows\SysWOW64\Atbroker.exe
Notes: In Windows 10 you need to add registry keys under: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs