Create a random XOR byte, then ingress a SharpHound payload and XOR it into a temporary file on the target system. Bypass AMSI, then load and run the XOR'd SharpHound payload in memory.
BloodHound shows both attackers and defenders the attack paths through Active Directory (AD) environments.
The SharpHound collector is used to gather the data from the target environment that BloodHound needs to discover those attack paths. Automate staging a randomized collector and bypassing security mechanisms to gather that data.
This chain includes the following resources:
- Bypass AMSI, load, and run XOR'd SharpHound payload
- Create an XOR byte
- Ingress payload to XOR'd file
User-Set Custom Variables
- payload.uri: /discovery/bloodhound/SharpHound.exe