Completed template update of OterMSBinaries

2025-07-27 04:32:24 +02:00 · 2018-09-21 22:58:00 -04:00
parent 95dc80b8cd
commit 58e88b98f9
17 changed files with 189 additions and 67 deletions
--- a/yml/OtherMSBinaries/Rcsi.yml
+++ b/yml/OtherMSBinaries/Rcsi.yml
@@ -1,15 +1,22 @@
 ---
 Name: rcsi.exe
-Description: Execute
-Author: ''
+Description: Non-Interactive command line inerface included with Visual Studio.
+Author: 'Oddvar Moe'
 Created: '2018-05-25'
-Categories: []
 Commands:
  - Command: rcsi.exe bypass.csx
    Description: Use embedded C# within the csx script to execute the code.
+    Usecase: Local execution of arbitrary C# code stored in local CSX file.
+    Category: AWL Bypass
+    Privileges: User
+    MitreID: T1218
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1218
+    OperatingSystem: Windows
 Full Path: ''
 Code Sample: []
 Detection: []
 Resources:
  - https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/
-Notes: Thanks to Matt Nelson - @enigma0x3
+Acknowledgement:
+  - Person: Matt Nelson
+    Handle: '@enigma0x3'