UPDATE BOOKMARKS - PROJECT MOVED TO A DEDICATED PROJECT SITE. THIS SITE WILL NOT BE UPDATED ANYMORE, BUT WILL BE KEPT FOR HISTORICAL REASONS.
New site: https://github.com/LOLBAS-Project/LOLBAS Web portal: https://lolbas-project.github.io/
- Functions: Execute
Presentationhost.exe C:\temp\Evil.xbap
Acknowledgements:
- Casey Smith - @subtee
Code sample: *
Resources:
- https://github.com/api0cradle/ShmooCon-2015/blob/master/ShmooCon-2015-Simple-WLEvasion.pdf
- https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/
Full path:
c:\windows\system32\PresentationHost.exe
c:\windows\sysWOW64\PresentationHost.exe
Notes: