SharPersist and an existing Cobalt Strike beacon required.
Convert payload PowerShell to Base64 (note that PowerShell encoded command option -enc
only accept UTF-16LE):
Pretend the output is:
In an active beacon session:
where:
-t
is the desired persistence technique.
-c
is the command to execute.
-a
are any arguments for that command.
-n
is the name of the task.
-m
is to add the task (you can also remove, check and list).
-o
is the task frequency.