public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-01-14 07:41:38 +01:00
Code Issues Projects Releases Wiki Activity

Adding .gitattributes file, fixing template/checks (#253)

Browse Source
This commit is contained in:
Conor Richard 2022-10-04 06:50:59 -04:00 committed by GitHub
parent 83ca9aa197
commit 143a6639f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
*.yml text eol=lf

5
.github/workflows/yaml-linting.yml vendored
View File

@ -13,6 +13,11 @@ jobs:
no_warnings: true no_warnings: true
file_or_dir: yml/**/*.yml file_or_dir: yml/**/*.yml
config_file: .github/.yamllint config_file: .github/.yamllint
- name: Validate Template Schema
uses: cketti/action-pykwalify@v0.3-temp-fix
with:
files: YML-Template.yml
schema: YML-Schema.yml
- name: Validate OSBinaries YAML Schema - name: Validate OSBinaries YAML Schema
uses: cketti/action-pykwalify@v0.3-temp-fix uses: cketti/action-pykwalify@v0.3-temp-fix
with: with:

18
YML-Template.yml
View File

@ -4,12 +4,10 @@ Description: Something general about the binary
Aliases: # Optional field if any common aliases exist of the binary with nearly the same functionality, Aliases: # Optional field if any common aliases exist of the binary with nearly the same functionality,
- Alias: Binary64.exe # but for example, is built for different architecture. - Alias: Binary64.exe # but for example, is built for different architecture.
Author: The name of the person that created this file Author: The name of the person that created this file
Created: YYYY-MM-DD (date the person created this file) Created: 1970-01-01 # YYYY-MM-DD (date the person created this file)
Commands: Commands:
- Command: The command - Command: The command
Description: Description of the command Description: Description of the command
Aliases:
- An alias for the command (example: ProcDump.exe & ProcDump64.exe)
Usecase: A description of the usecase Usecase: A description of the usecase
Category: Execute Category: Execute
Privileges: Required privs Privileges: Required privs
@ -26,19 +24,19 @@ Full_Path:
- Path: c:\windows\system32\bin.exe - Path: c:\windows\system32\bin.exe
- Path: c:\windows\syswow64\bin.exe - Path: c:\windows\syswow64\bin.exe
Code_Sample: Code_Sample:
- Code: http://url.com/git.txt - Code: http://example.com/git.txt
Detection: Detection:
- IOC: Event ID 10 - IOC: Event ID 10
- IOC: binary.exe spawned - IOC: binary.exe spawned
- Analysis: https://link/to/blog/gist/writeup/if/applicable - Analysis: https://example.com/to/blog/gist/writeup/if/applicable
- Sigma: https://link/to/sigma/rule/if/applicable - Sigma: https://example.com/to/sigma/rule/if/applicable
- Elastic: https://link/to/elastic/rule/if/applicable - Elastic: https://example.com/to/elastic/rule/if/applicable
- Splunk: https://link/to/splunk/rule/if/applicable - Splunk: https://example.com/to/splunk/rule/if/applicable
- BlockRule: https://link/to/microsoft/block/rules/if/applicable - BlockRule: https://example.com/to/microsoft/block/rules/if/applicable
Resources: Resources:
- Link: http://blogpost.com - Link: http://blogpost.com
- Link: http://twitter.com/something - Link: http://twitter.com/something
- Link: Threatintelreport... - Link: http://example.com/Threatintelreport
Acknowledgement: Acknowledgement:
- Person: John Doe - Person: John Doe
Handle: '@johndoe' Handle: '@johndoe'