.. /Syssetup.dll

Star

Windows NT System Setup

• https://twitter.com/pabraeken/status/994392481927258113
• https://twitter.com/harr0ey/status/975350238184697857
• https://twitter.com/bohops/status/975549525938135040
• https://windows10dll.nirsoft.net/syssetup_dll.html

AWL bypass

1. Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (section name specified).

   rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 c:\test\shady.inf

   Use case

   Run local or remote script(let) code through INF file specification (Note May pop an error window).

   Privileges required

   User

   Operating systems

   Windows 10, Windows 11

   ATT&CK® technique

   T1218.011

   Tags

   Input: INF

   This function was tagged with "Input: INF".

Execute

1. Launch an executable file via the SetupInfObjectInstallAction function and .inf file section directive.

   rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\something.inf

   Use case

   Load an executable payload.

   Privileges required

   User

   Operating systems

   Windows 10, Windows 11

   ATT&CK® technique

   T1218.011

   Tags

   Input: INF

   This function was tagged with "Input: INF".