Add: ben0xa/doucme to Persistence section

2025-01-20 12:31:34 -05:00 · 2021-05-01 22:21:00 +07:00 · 2021-05-01 22:21:00 +07:00 · a34d7b067d
commit a34d7b067d
parent df9cfd5bee
1 changed files with 4 additions and 0 deletions
--- a/Offensive.md
+++ b/Offensive.md
@ -535,6 +535,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/airzero24/PortMonitorPersist">airzero24/PortMonitorPersist</a></td>
        <td>PoC for Port Monitor Persistence</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/ben0xa/doucme">ben0xa/doucme</a></td>
+        <td>This leverages the NetUserAdd Win32 API to create a new computer account. This is done by setting the usri1_priv of the USER_INFO_1 type to 0x1000. The primary goal is to avoid the normal detection of new user created events (4720).</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/fireeye/SharPersist">fireeye/SharPersist</a></td>
        <td>Windows persistence toolkit written in C#.</td>