public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity

Update Diskshadow.yml Tags

Browse Source 
Added Tags:
- Execute CMD
- Input CustomFormat
This commit is contained in:
hegusung 2024-10-13 13:03:33 +02:00 committed by GitHub
parent daee90f6cd
commit 0c36af16d5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
yml/OSBinaries/Diskshadow.yml
View File

@ -11,6 +11,9 @@ Commands:
Privileges: User
MitreID: T1003.003
OperatingSystem: Windows server
Tags:
- Execute: CMD
- Input: Custom Format
- Command: diskshadow> exec calc.exe
Description: Execute commands using diskshadow.exe to spawn child process
Usecase: Use diskshadow to bypass defensive counter measures
@ -18,6 +21,9 @@ Commands:
Privileges: User
MitreID: T1202
OperatingSystem: Windows server
Tags:
- Execute: CMD
- Input: Custom Format
Full_Path:
- Path: C:\Windows\System32\diskshadow.exe
- Path: C:\Windows\SysWOW64\diskshadow.exe