This repository has been archived by the owner on Dec 11, 2018. It is now read-only.


Mftrace.md


UPDATE BOOKMARKS - PROJECT MOVED TO A DEDICATED PROJECT SITE. THIS SITE WILL NOT BE UPDATED ANYMORE, BUT WILL BE KEPT FOR HISTORICAL REASONS.

New site: https://github.com/LOLBAS-Project/LOLBAS

Web portal: https://lolbas-project.github.io/

Mftrace.exe

  • Functions: Execute
Mftrace.exe cmd.exe     

Mftrace.exe powershell.exe    

Acknowledgements:

  • Fab#### - @0rbz_

Code sample: *

Resources:

Full path:

C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86    
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64     
C:\Program Files (x86)\Windows Kits\10\bin\x86
C:\Program Files (x86)\Windows Kits\10\bin\x64

Notes: Mftrace.exe only needs Mfdetours.dll in the same folder to work.

Detection:
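
One way to triage process-creation logs for the behaviour this entry documents, as an added example that is not part of the original entry: it flags cmd.exe or powershell.exe launched by Mftrace.exe, and Mftrace.exe running outside the Windows Kits bin folder listed under Full path (relevant given the Mfdetours.dll note). The Sysmon Event ID 1 field names (`Image`, `ParentImage`) as the log source, the treatment of every folder under that bin root as legitimate, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Windows Kits bin root, taken from the "Full path" list on this page.
# Assumption: any sub-folder of it (other kit versions) is a legitimate location.
KIT_BIN_ROOT = r"c:\program files (x86)\windows kits\10\bin" + "\\"
# Child processes shown in this page's Execute examples.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe"}
TOOL = "mftrace.exe"


def _outside_kit(path):
    """True when an mftrace.exe path is not under the Windows Kits bin root."""
    folder = ntpath.normpath(ntpath.dirname(path)).lower() + "\\"
    return not folder.startswith(KIT_BIN_ROOT)


def triage(event):
    """Return the reasons a process-creation event deserves review ([] if none)."""
    reasons = []
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    child_name = ntpath.basename(image).lower()

    if ntpath.basename(parent).lower() == TOOL:
        # Mftrace.exe normally launches the program it traces; a shell is unusual.
        if child_name in SHELL_CHILDREN:
            reasons.append("shell launched by mftrace.exe")
        if _outside_kit(parent):
            reasons.append("parent mftrace.exe outside Windows Kits")
    if child_name == TOOL and _outside_kit(image):
        reasons.append("mftrace.exe started outside Windows Kits")
    return reasons


# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files (x86)\Windows Kits\10\bin\x64\mftrace.exe"},
    {"Image": r"C:\Users\Public\mftrace.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Contoso\player.exe",  # hypothetical traced app
     "ParentImage": r"C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\Mftrace.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Image"], "->", triage(ev) or "no finding")
```

The checks match on file name only, so a renamed copy of the binary is not covered by this sketch.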