MSI Files to evade detections
Description
An MSI (Microsoft Installer) is a standard Windows installation package format (.msi files) used to deploy software. Because MSI files are common and trusted by default in many environments, attackers or red teamers sometimes abuse them
Why MSIs?
- It has been evidenced that some EDRs are not able to correctly analyze MSI files, even when they are sent to their laboratory for analysis an error occurs
- You have several options, you can create an MSI that installs something legitimate and executes a command or downloads a DLL behind it
Reference: https://mgeeky.tech/msi-shenanigans-part-1/