Patrick-DE / RTT-Docs

Public repository for the techniques and tools shown on rtt.secdu.de
GNU Affero General Public License v3.0

New tool: ThreatCheck #83

Closed molatho closed 1 year ago

molatho commented 1 year ago
{
  "name": "ThreatCheck",
  "phases": [
    "10. Bypassing Defenses"
  ],
  "category": "",
  "stealthy": false,
  "platforms": [
    "Windows"
  ],
  "source": "https://github.com/rasta-mouse/ThreatCheck",
  "description": "Identifies the specific bytes in a file that Microsoft Defender or the AMSI consumer flags on, by splitting the file and rescanning until the detected region is isolated.",
  "undetected": [],
  "detected": [
    "Windows Defender (AV)"
  ],
  "commands": [
    {
      "id": "4a124d6d-4462-420b-b28c-c687b67e5d49",
      "name": "Process file w/ Defender",
      "description": "Scans a file with the local Windows Defender engine and reports the bytes it flags on; results depend on the Defender signature version installed on the host.",
      "tag": "",
      "results": [],
      "cmd": "ThreatCheck.exe --file binary.exe"
    },
    {
      "id": "02a434e6-e0cc-4819-8d14-75b5ea2440e5",
      "name": "Process file w/ AMSI",
      "description": "Scans a file through the AMSI engine (rather than the on-disk Defender scan) and reports the bytes it flags on; use this for scripts and in-memory payloads that AMSI, not the file scanner, would inspect.",
      "tag": "",
      "results": [],
      "cmd": "ThreatCheck.exe --engine AMSI --file binary.exe"
    }
  ],
  "latest_commit": "2023-04-04T03:06:16Z"
}