Ingress payload to XOR'd file

/static/assets/windows-logo.svg
Sometimes it's useful to store payloads on a system for use later in an operation. In order to avoid detection by AV/EDR products, a simple XOR can be applied to the bytes before saving the item to disk. This imports a payload and XORs it to a random file on disk.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Vulnerable Certificates

2021-10-19

/static/assets/windows-logo.svg
Ingress, load, and run Certify to find vulnerable certificates.
SharpHound

2021-09-07

/static/assets/windows-logo.svg
Ingress, load, and run the SharpHound collector.