public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-28 21:22:07 +02:00
Code Issues Projects Releases Wiki Activity

Adding Windows file path validation for values of File_Path (#403)

Browse Source
This commit is contained in:
Wietze
2024-10-01 23:14:19 +01:00
committed by GitHub
parent d8402e6651
commit 39a7120d40
22 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
yml/HonorableMentions/PowerShell.yml
View File

@@ -26,8 +26,8 @@ Commands:
MitreID: T1059.001
OperatingSystem: Windows 7 and up
Full_Path:
- Path: '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe'
- Path: '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
- Path: 'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe'
- Path: 'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/tree/71ae004b32bb3c7fb04714f8a051fc8e5edda68c/rules/windows/powershell
Resources: