mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
Updated odbcconf.exe with discovery from @Hexacorn <3
This commit is contained in:
parent
cb9fa974dd
commit
13093c879e
@ -12,6 +12,14 @@ Commands:
|
||||
MitreID: T1218
|
||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
- Command: odbcconf /a {REGSVR c:\test\test.dll}
|
||||
Description: Execute DllREgisterServer from DLL specified.
|
||||
Usecase: Execute dll file using technique that can evade defensive counter measures
|
||||
Category: Execute
|
||||
Privileges: User
|
||||
MitreID: T1218
|
||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
Full_Path:
|
||||
- Path: C:\Windows\System32\odbcconf.exe
|
||||
- Path: C:\Windows\SysWOW64\odbcconf.exe
|
||||
@ -22,7 +30,10 @@ Detection:
|
||||
Resources:
|
||||
- Link: https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b
|
||||
- Link: https://github.com/woanware/application-restriction-bypasses
|
||||
- Link: https://twitter.com/Hexacorn/status/1187143326673330176
|
||||
Acknowledgement:
|
||||
- Person: Casey Smith
|
||||
Handle: '@subtee'
|
||||
- Person: Adam
|
||||
Handle: '@Hexacorn'
|
||||
---
|
Loading…
Reference in New Issue
Block a user