Adding Windows file path validation for values of File_Path (#403)

Wietze
2024-10-01 23:14:19 +01:00
committed by GitHub
parent d8402e6651
commit 39a7120d40
22 changed files with 35 additions and 35 deletions

@@ -12,7 +12,7 @@ Commands:
MitreID: T1105
OperatingSystem: Windows 10
Full_Path:
- Path: '%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe'
- Path: 'C:\Users\<username>\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe'
Detection:
- IOC: HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig\UpdateRingSettingURLFromOC being set to a suspicious non-Microsoft controlled URL
- IOC: Reports of downloading from suspicious URLs in %localappdata%\OneDrive\setup\logs\StandaloneUpdate_*.log files
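
Review bot: On the changed Path line (assuming the second entry, 'C:\Users\<username>\AppData\Local\...', is the added one), the value now hard-codes the system drive and profile root and carries a `<username>` placeholder that is not a literal path component. Please document that placeholder convention next to the new validation rule, so that anyone turning Full_Path into a detection or allow-list rule knows to wildcard it, and so the validator accepts `<` and `>` only in that exact form. The two IOC lines below still use %localappdata%, which leaves this entry with two notations for locations under the same profile directory; either state that IOC text is exempt from the path check or align them.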

@@ -1,7 +1,7 @@
---
Name: msedge_proxy.exe
Full_Path:
- Path: C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge_proxy.exe
- Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
Description: Microsoft Edge Browser
Author: 'Mert Daş'
Created: 2023-08-18
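
Review bot: The Path value here is an unquoted scalar, while the OneDriveStandaloneUpdater.exe entry in this same commit single-quotes its path; please pick one style for all 22 files. Single quotes are the safer choice: plain and single-quoted YAML scalars keep backslashes literal, whereas in double quotes they would be treated as escape sequences. Assuming the single-backslash line is the added one, it would also help if the new validation rejected the doubled form ('C:\\Program Files (x86)\\...') outright so it cannot come back in a later contribution.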