Side-load Pneuma using Windows Defender

Run the vulnerable MsMpEng.exe executable with a Pneuma DLL in the same folder to perform a DLL side-load of Pneuma.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Kaseya VSA Attack


Side-load an agent using components of the REvil ransomware attack kill chain.