public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 10:39:56 +01:00
Code Issues Projects Releases Wiki Activity

Update Diskshadow.yml Tags

Browse Source 
Added Tags:
- Execute CMD
- Input CustomFormat
This commit is contained in:
hegusung
2024-10-13 13:03:33 +02:00
committed by GitHub
parent daee90f6cd
commit 0c36af16d5
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
yml/OSBinaries/Diskshadow.yml
View File

@@ -11,6 +11,9 @@ Commands:
Privileges: User
MitreID: T1003.003
OperatingSystem: Windows server
Tags:
- Execute: CMD
- Input: Custom Format
- Command: diskshadow> exec calc.exe
Description: Execute commands using diskshadow.exe to spawn child process
Usecase: Use diskshadow to bypass defensive counter measures
@@ -18,6 +21,9 @@ Commands:
Privileges: User
MitreID: T1202
OperatingSystem: Windows server
Tags:
- Execute: CMD
- Input: Custom Format
Full_Path:
- Path: C:\Windows\System32\diskshadow.exe
- Path: C:\Windows\SysWOW64\diskshadow.exe