Beacon DLL

As previously mentioned, DLL enforcement is not commonly enabled which allows us to call exported functions from DLLs on disk via rundll32. Beacon's DLL payload exposes several exports including DllMain and StartW. These can be changed in the Artifact Kit under src-main, dllmain.def.

C:\Windows\System32\rundll32.exe http_x64.dll,StartW
PreviousPowerShell CLMNextData Hunting & Exfiltration

Last updated