mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-28 15:58:24 +01:00
Added AWL Bypass to Ssh.yml
This commit is contained in:
parent
dfc7d40b1f
commit
33a8da933c
@ -11,6 +11,13 @@ Commands:
|
|||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1202
|
MitreID: T1202
|
||||||
OperatingSystem: Windows 10 1809, Windows Server 2019
|
OperatingSystem: Windows 10 1809, Windows Server 2019
|
||||||
|
- Command: ssh localhost calc.exe
|
||||||
|
Description: Executes calc.exe.
|
||||||
|
Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting.
|
||||||
|
Category: AWL Bypass
|
||||||
|
Privileges: User
|
||||||
|
MitreID: T1202
|
||||||
|
OperatingSystem: Windows 10 1809, Windows Server 2019
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: c:\windows\system32\OpenSSH\ssh.exe
|
- Path: c:\windows\system32\OpenSSH\ssh.exe
|
||||||
Detection:
|
Detection:
|
||||||
|
Loading…
Reference in New Issue
Block a user