Adding Windows file path validation for values of File_Path (#403)

Wietze
2024-10-01 23:14:19 +01:00
committed by GitHub
parent d8402e6651
commit 39a7120d40
22 changed files with 35 additions and 35 deletions

@@ -12,7 +12,7 @@ Commands:
MitreID: T1219
OperatingSystem: Windows 10, Windows 11
Full_Path:
- Path: '%LOCALAPPDATA%\Programs\Microsoft VS Code\Code.exe'
- Path: 'C:\Users\<username>\AppData\Local\Programs\Microsoft VS Code\Code.exe'
- Path: C:\Program Files\Microsoft VS Code\Code.exe
- Path: C:\Program Files (x86)\Microsoft VS Code\Code.exe
Detection:
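
Review bot: the replacement entry `C:\Users\<username>\AppData\Local\Programs\Microsoft VS Code\Code.exe` puts a literal `<username>` placeholder in Full_Path where the removed line used `%LOCALAPPDATA%`. Anything that consumes these paths for matching now has to treat `<username>` as a wildcard, and it no longer covers a profile that lives outside `C:\Users`. Please document the placeholder convention next to the schema so rule authors do not match on the literal string. A smaller style point in the same list: the changed entry is single-quoted while the two `C:\Program Files` entries below it are bare scalars, so pick one quoting style for Path values.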

@@ -26,8 +26,8 @@ Commands:
MitreID: T1059.001
OperatingSystem: Windows 7 and up
Full_Path:
- Path: '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe'
- Path: '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
- Path: 'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe'
- Path: 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/tree/71ae004b32bb3c7fb04714f8a051fc8e5edda68c/rules/windows/powershell
Resources:
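
Review bot: the two new `C:\Windows\...` entries assume the system root is `C:\Windows`, which the removed `%SystemRoot%` lines did not. If the new validation requires a drive-letter path, the schema documentation should say that `C:\Windows` stands in for the system root, so detection content derived from Full_Path is not anchored to the literal drive and directory. The validation pattern itself is not visible in this hunk, so it would also help to reference where it is defined, since the same substitution is repeated across the changed files.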