public static void CreateLocalAccountApi(string log, bool cleanup)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1136.001");
logger.TimestampInfo("Using the Win32 API NetUserAdd function to execute the technique");
try
{
PersistenceHelper.CreateUserApi("haxor", logger, cleanup);
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
public static void CreateAccountApi(string log)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1136");
//logger.TimestampInfo(String.Format("Starting T1136 Simulation on {0}", Environment.MachineName));
//logger.TimestampInfo(String.Format("Simulation agent running as {0} with PID:{1}", System.Reflection.Assembly.GetEntryAssembly().Location, Process.GetCurrentProcess().Id));
try
{
PersistenceHelper.CreateUser("haxor", logger);
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
public static void CreateRegistryRunKeyNET(string log, bool cleanup)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1547.001");
logger.TimestampInfo("Using the Microsoft.Win32 .NET namespace to execute the technique");
try
{
PersistenceHelper.RegistryRunKey(logger, cleanup);
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}
public static void CreateWindowsServiceApi(string log, bool cleanup)
{
string currentPath = AppDomain.CurrentDomain.BaseDirectory;
Lib.Logger logger = new Lib.Logger(currentPath + log);
logger.SimulationHeader("T1543.003");
logger.TimestampInfo("Using the Win32 API CreateService function to execute the technique");
try
{
PersistenceHelper.CreateServiceApi(log, logger, cleanup);
logger.SimulationFinished();
}
catch (Exception ex)
{
logger.SimulationFailed(ex);
}
}