From a34d7b067d435b5a1cebe8697d5f8fd1fb06f886 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sat, 1 May 2021 22:21:00 +0700
Subject: [PATCH] Add: ben0xa/doucme to Persistence section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index 908665c..34a74ff 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -535,6 +535,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/airzero24/PortMonitorPersist">airzero24/PortMonitorPersist</a></td>
         <td>PoC for Port Monitor Persistence</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/ben0xa/doucme">ben0xa/doucme</a></td>
+        <td>This leverages the NetUserAdd Win32 API to create a new computer account. This is done by setting the usri1_priv of the USER_INFO_1 type to 0x1000. The primary goal is to avoid the normal detection of new user created events (4720).</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/fireeye/SharPersist">fireeye/SharPersist</a></td>
         <td>Windows persistence toolkit written in C#.</td>