From 7a2ff4c25038bf26698538d1924ce6a9485a051d Mon Sep 17 00:00:00 2001 From: LuxNoBu!!shit <51244609+LuxNoBulIshit@users.noreply.github.com> Date: Tue, 17 Mar 2020 03:04:20 +0200 Subject: [PATCH] Create ilasm.yml --- yml/OSBinaries/ilasm.yml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 yml/OSBinaries/ilasm.yml diff --git a/yml/OSBinaries/ilasm.yml b/yml/OSBinaries/ilasm.yml new file mode 100644 index 0000000..154c86c --- /dev/null +++ b/yml/OSBinaries/ilasm.yml @@ -0,0 +1,37 @@ +--- +Name: ilasm.exe +Description: used for compile c# code into dll or exe. +Author: Hai vaknin (lux) +Created: 17/03/2020 +Commands: + - Command: + ilasm.exe C:\public\test.txt /exe + Description: Binary file used by .NET to compile c# code to .exe + Usecase: Compile attacker code on system. Bypass defensive counter measures. + Category: Compile + Privileges required:User + MitreID: T1127 + MitreLink: https://attack.mitre.org/techniques/T1127/ + OperatingSystem: Windows 10,7 + - Command: ilasm.exe C:\Users\חי\Desktop\test.txt /dll + Description: Binary file used by .NET to compile c# code to dll + Usecase: A description of the usecase + Category: Compile + Privileges required:User + MitreID: T1127 + MitreLink: https://attack.mitre.org/techniques/T1127/ + +Full_Path: + - Path: + C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe + C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe +Code_Sample: +Code: +1.ilasm.exe C:\public\test.txt /exe +2.ilasm.exe C:\Users\חי\Desktop\test.txt /dll +Acknowledgement: + - Person: +Hai Vaknin(Lux) https://github.com/LuxNoBulIshit +Lior Adar + +---
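Review bot: Both Commands entries write `Privileges required:User` with no space after the colon, so YAML does not read it as a key/value pair and the file will not load; write `Privileges required: User`. The tail of the file has the same kind of problem: the lines under `Code:` and `Person:` start at column 0 instead of being indented under their keys, and `Path:` holds two identical copies of the `Framework\v4.0.30319\ilasm.exe` path under a single key, so give each path its own `- Path:` item and drop the duplicate (or correct it, if a different location was meant). On content, the Description fields say ilasm.exe compiles C# code, but ilasm is the IL assembler and takes IL source, so the text should say it assembles IL into an .exe or .dll. The second entry still carries the template placeholder `Usecase: A description of the usecase`, lacks the `OperatingSystem` field the first entry has, and its command embeds a personal profile path (`C:\Users\חי\Desktop\test.txt`); use a generic path as in the first entry. The closing `---` after the Acknowledgement block opens a second, empty YAML document and can be dropped.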