mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 06:18:50 +01:00
LSASS realign to T1003.001
parent
df8c88f4ca
commit
2380c506d4
@ -6,14 +6,14 @@ Created: 2018-05-25
|
||||
Commands:
|
||||
- Command: Scriptrunner.exe -appvscript calc.exe
|
||||
Description: Executes calc.exe
|
||||
Usecase: Execute binary through proxy binary to evade defensive counter measurments
|
||||
Usecase: Execute binary through proxy binary to evade defensive counter measures
|
||||
Category: Execute
|
||||
Privileges: User
|
||||
MitreID: T1202
|
||||
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
|
||||
- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
|
||||
Description: Executes calc.cmd from remote server
|
||||
Usecase: Execute binary through proxy binary from external server to evade defensive counter measurments
|
||||
Usecase: Execute binary through proxy binary from external server to evade defensive counter measures
|
||||
Category: Execute
|
||||
Privileges: User
|
||||
MitreID: T1218
|
||||
|
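Review bot: The spelling fix in the two Usecase lines ("counter measurments" to "counter measures") is unrelated to the commit subject "LSASS realign to T1003.001". Split it into its own commit or mention it in the message so the history stays searchable. While this entry is being touched, the two commands share the same "Execute binary through proxy binary" use case but carry different IDs (MitreID: T1202 on the first, MitreID: T1218 on the second), and "Windows vista" is lower-cased. Both are worth resolving in the same cleanup.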
@ -9,7 +9,7 @@ Commands:
|
||||
Usecase: Dump Lsass.exe process memory to retrieve credentials.
|
||||
Category: Dump
|
||||
Privileges: SYSTEM
|
||||
MitreID: T1003
|
||||
MitreID: T1003.001
|
||||
OperatingSystem: Windows
|
||||
Full_Path:
|
||||
- Path: c:\windows\system32\comsvcs.dll
|
||||
|
@ -9,7 +9,7 @@ Commands:
|
||||
Usecase: Create memory dump and parse it offline
|
||||
Category: Dump
|
||||
Privileges: SYSTEM
|
||||
MitreID: T1003
|
||||
MitreID: T1003.001
|
||||
OperatingSystem: All Windows
|
||||
Full_Path:
|
||||
- Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\adplus.exe
|
||||
|
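Review bot: The context line "Usecase: Create memory dump and parse it offline" does not name LSASS, yet the new value MitreID: T1003.001 is the LSASS Memory sub-technique. If the command in this entry targets lsass.exe, say so in the Usecase, as the comsvcs.dll and SQLDumper.exe entries in this commit do. Otherwise the parent T1003 is the more accurate mapping for a generic process dump. Separately, "OperatingSystem: All Windows" here differs from "OperatingSystem: Windows" in the other two dump entries and could be normalised.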
@ -16,7 +16,7 @@ Commands:
|
||||
Usecase: Dump LSASS.exe to Mimikatz compatible dump using PID.
|
||||
Category: Dump
|
||||
Privileges: Administrator
|
||||
MitreID: T1003
|
||||
MitreID: T1003.001
|
||||
OperatingSystem: Windows
|
||||
Full_Path:
|
||||
- Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
|
||||
|
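Review bot: Check the Commands content above line 16 of this file, which this hunk does not show. The Usecase here names LSASS.exe, so T1003.001 fits this entry, but if an earlier entry in the same file also dumps LSASS and still carries MitreID: T1003, the file ends up with mixed parent and sub-technique IDs for the same behaviour. Please confirm that every LSASS-related entry in the file was realigned.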