Prelude chain browser
SharpHound
Create a random XOR byte, ingress a SharpHound payload, and XOR it to a temporary file on the target system. Then bypass AMSI, load the XOR'd SharpHound payload, and run it in memory.
2021-09-07
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain + 50 more, with direct integration inside of Operator.
Authors:
khyberspache
TTPs
Ingress payload to XOR'd file
Create an XOR byte
Bypass AMSI, load, and run XOR'd SharpHound payload
Tactics
Command-and-control
Collection
Execution
User-Set Custom Variables
payload.uri: 8c53e8a7a9e5a272029f65194540ec2490101a48/SharpHound.exe