Let's try and do things like they're done in real attacks. While the media recently was all over ConnectWise ScreenConnect, we instead focus on AnyDesk - which is used by many Cybercriminals these days - in an Assumed Breach scenario.
We created a custom reverse shell from scratch and made it persistent - the result is scary, to say the least.
As promissed, we continue executing code using rundll32 on a fully updated system.
Today we're looking at one of the most simple evasions - it's always fascinating to wittness the beauty of traditional hacking exploration methods working to their full extend. The rundll32.exe comma bypass is one of these examples.
Take a look at our Pentesting and CTF Flowcharts - they should help you especially in the beginning.