Skip to content

Commit

Permalink
Update NETCLRUsageLogs with system-scoped files
Browse files Browse the repository at this point in the history
  • Loading branch information
@Qazeer
Qazeer committed Nov 13, 2023
1 parent 1635a37 commit 339ce1a
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions Targets/Windows/NETCLRUsageLogs.tkape
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,21 @@
Description: .NET CLR UsageLogs
Author: Matias Davaro
Version: 1.0
Author: Matias Davaro, Thomas DIOT (Qazeer)
Version: 1.1
Id: f127a2a3-d86f-4ede-96e7-52193db822ad
RecreateDirectories: true
Targets:
-
Name: .NET CLR UsageLogs
Name: .NET CLR UsageLogs (user-scoped)
Category: .NET CLR UsageLogs
Path: C:\Users\%user%\AppData\Local\Microsoft\CLR_*\UsageLogs
Path: C:\Users\%user%\AppData\Local\Microsoft\CLR_*\
Recursive: true
FileMask: '*.log'
-
Name: .NET CLR UsageLogs (system-scoped)
Category: .NET CLR UsageLogs
Path: C:\Windows*\System32\config\systemprofile\AppData\Local\Microsoft\CLR_*\
Recursive: true
FileMask: '*.log'

# Documentation
# https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/
Expand Down

0 comments on commit 339ce1a

Please sign in to comment.