.. /Netsh.exe

Star

Netsh is a Windows tool used to manipulate network interface settings.

• https://freddiebarrsmith.com/trix/trix.html
• https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html
• https://liberty-shell.com/sec/2018/07/28/netshlep/

Execute

1. Use Netsh in order to execute a .dll file and also gain persistence, every time the netsh command is called

   netsh.exe add helper C:\Users\User\file.dll

   Use case

   Proxy execution of .dll

   Privileges required

   Admin

   Operating systems

   Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

   ATT&CK® technique

   T1546.007

   Tags

   Execute: DLL

   This LOLBAS executes Dynamic-Link Libraries (DLLs).