Ingress payload to XOR'd file

Sometimes it's useful to store payloads on a system for use later in an operation. In order to avoid detection by AV/EDR products, a simple XOR can be applied to the bytes before saving the item to disk. This imports a payload and XORs it to a random file on disk.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.0)
Test this TTP using one of our Operator chains
Vulnerable Certificates


Ingress, load, and run Certify to find vulnerable certificates.


Ingress, load, and run the SharpHound collector.