From 33a8da933cd901e8281a9030ecf3bb11733b5577 Mon Sep 17 00:00:00 2001 From: akshat pradhan Date: Tue, 9 Nov 2021 08:14:43 +0530 Subject: [PATCH] Added AWL Bypass to Ssh.yml --- yml/OSBinaries/Ssh.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/yml/OSBinaries/Ssh.yml b/yml/OSBinaries/Ssh.yml index 67378e1..c063039 100644 --- a/yml/OSBinaries/Ssh.yml +++ b/yml/OSBinaries/Ssh.yml @@ -11,6 +11,13 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10 1809, Windows Server 2019 + - Command: ssh localhost calc.exe + Description: Executes calc.exe. + Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting. + Category: AWL Bypass + Privileges: User + MitreID: T1202 + OperatingSystem: Windows 10 1809, Windows Server 2019 Full_Path: - Path: c:\windows\system32\OpenSSH\ssh.exe Detection:
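Review bot: In the added `- Command: ssh localhost calc.exe` entry, the Description and Usecase do not state the precondition the command implies: an SSH server must be answering on localhost and the user must be able to authenticate to it, otherwise nothing is executed. Suggest wording the Description along the lines of "Executes calc.exe through an SSH session to the local host; requires an SSH server listening on localhost", so a defender reading the entry can tell which hosts are actually exposed to this AWL bypass. The `MitreID: T1202` and `OperatingSystem: Windows 10 1809, Windows Server 2019` values are identical to those of the preceding entry in the context lines; please confirm they were checked for this command and category rather than carried over.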