Skip to content

harelsegev/cmd-guardian

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CMD Guardian

guardian

CMD Guardian was initially written to prank my co-workers, but it can also be used for educational purposes. It demonstrates some living-off-the-land techniques that are often used by real-world attackers:

  • Persistence via Image File Execution Options
  • Fileless VBScript execution using rundll32 and mshtml.dll
  • Storing files in the registry
  • A self-deleting .vbs file
  • Decoding Base64 using CertUtil
  • Malicious .hta files

Warning

CMD Guardian is potentially harmful, and should only be installed in a safe and isolated environment, as if it were actual malware.

Installation

Disable Windows Defender before the installation

Windows Defender flags and blocks the persistence mechanism used by CMD Guardian, and rightfully so. It reactivates itself after being switched-off, so be sure to disable it permanently. Alternatively, you can install CMD Guardian on a Windows 7 machine, and avoid this hassle altogether.

To install CMD Guardian, simply execute the guardian.reg file. Then, open a command prompt and see what happens!

Limitations

CMD Guardian was tested on Windows 7, Windows 10 and Windows 11. It doesn't work on Windows XP.

License

MIT

About

A demo of some living-off-the-land techniques

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published