diff --git a/YML-Template.yml b/YML-Template.yml
index 5b3b17a..44c0e0b 100644
--- a/YML-Template.yml
+++ b/YML-Template.yml
@@ -34,7 +34,7 @@ Resources:
 - Link: Threatintelreport...
 Acknowledgement:
 - Person: John Doe
- Handle: @johndoe
+ Handle: '@johndoe'
 - Person: Ola Norman
- Handle: @olaNor
+ Handle: '@olaNor'
 ---
diff --git a/yml/LOLUtilz/OSBinaries/Explorer.yml b/yml/LOLUtilz/OSBinaries/Explorer.yml
index cdb2ddd..bcd987d 100644
--- a/yml/LOLUtilz/OSBinaries/Explorer.yml
+++ b/yml/LOLUtilz/OSBinaries/Explorer.yml
@@ -14,5 +14,7 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/bohops/status/986984122563391488
-Notes: Thanks to Jimmy - @bohops
+Acknowledgement:
+ - Person: Jimmy
+ Handle: '@bohops'
diff --git a/yml/LOLUtilz/OSBinaries/Netsh.yml b/yml/LOLUtilz/OSBinaries/Netsh.yml
index d6fd688..7e4ce80 100644
--- a/yml/LOLUtilz/OSBinaries/Netsh.yml
+++ b/yml/LOLUtilz/OSBinaries/Netsh.yml
@@ -22,5 +22,3 @@ Resources:
 - https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Persistence/Netsh_Helper_DLL.md
 - https://attack.mitre.org/wiki/Technique/T1128
 - https://twitter.com/teemuluotio/status/990532938952527873
-Notes: ''
-
diff --git a/yml/LOLUtilz/OSBinaries/Nltest.yml b/yml/LOLUtilz/OSBinaries/Nltest.yml
index 390bc03..4288719 100644
--- a/yml/LOLUtilz/OSBinaries/Nltest.yml
+++ b/yml/LOLUtilz/OSBinaries/Nltest.yml
@@ -14,4 +14,6 @@ Detection: []
 Resources:
 - https://twitter.com/sysopfb/status/986799053668139009
 - https://ss64.com/nt/nltest.html
-Notes: Thanks to Sysopfb - @sysopfb
+Acknowledgement:
+ - Person: Sysopfb
+ Handle: '@sysopfb'
diff --git a/yml/LOLUtilz/OSBinaries/Openwith.yml b/yml/LOLUtilz/OSBinaries/Openwith.yml
index 829f41a..656dc31 100644
--- a/yml/LOLUtilz/OSBinaries/Openwith.yml
+++ b/yml/LOLUtilz/OSBinaries/Openwith.yml
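Review bot: The template hunk quotes the handles but does not say why, so the next contributor who copies the `Handle: @johndoe` shape from an older entry will reintroduce the problem; `@` is a reserved indicator in YAML and cannot begin a plain scalar, so the unquoted form is a parse error in spec-conforming loaders. A one-line comment above the Acknowledgement block in YML-Template.yml would make the rule self-explaining, e.g. `# Quote handles: '@' is a reserved YAML indicator and cannot start an unquoted value`. The Explorer and Nltest hunks on this line already follow the quoted form, so only the template needs the note.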
@@ -16,5 +16,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/harr0ey/status/991670870384021504
-Notes: Thanks to Matt harr0ey - @harr0ey
-
+Acknowledgement:
+ - Person: Matt harr0ey
+ Handle: '@harr0ey'
diff --git a/yml/LOLUtilz/OSBinaries/Powershell.yml b/yml/LOLUtilz/OSBinaries/Powershell.yml
index eac5ec1..dfcc47b 100644
--- a/yml/LOLUtilz/OSBinaries/Powershell.yml
+++ b/yml/LOLUtilz/OSBinaries/Powershell.yml
@@ -14,5 +14,7 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/Moriarty_Meng/status/984380793383370752
-Notes: Thanks to Moriarty - @Moriarty_Meng
+Acknowledgement:
+ - Person: Moriarty
+ Handle: '@Moriarty_Meng'
diff --git a/yml/LOLUtilz/OSBinaries/Psr.yml b/yml/LOLUtilz/OSBinaries/Psr.yml
index bf0c3a2..eeafb02 100644
--- a/yml/LOLUtilz/OSBinaries/Psr.yml
+++ b/yml/LOLUtilz/OSBinaries/Psr.yml
@@ -18,5 +18,4 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://www.sans.org/summit-archives/file/summit-archive-1493861893.pdf
-Notes: 'Thanks to '
diff --git a/yml/LOLUtilz/OSBinaries/Robocopy.yml b/yml/LOLUtilz/OSBinaries/Robocopy.yml
index a4bc42d..a14102d 100644
--- a/yml/LOLUtilz/OSBinaries/Robocopy.yml
+++ b/yml/LOLUtilz/OSBinaries/Robocopy.yml
@@ -16,5 +16,3 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://social.technet.microsoft.com/wiki/contents/articles/1073.robocopy-and-a-few-examples.aspx
-Notes: Thanks to Name of guy - @twitterhandle
-
diff --git a/yml/LOLUtilz/OtherBinaries/AcroRd32.yml b/yml/LOLUtilz/OtherBinaries/AcroRd32.yml
index 0a2b30e..81af1bd 100644
--- a/yml/LOLUtilz/OtherBinaries/AcroRd32.yml
+++ b/yml/LOLUtilz/OtherBinaries/AcroRd32.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/997997818362155008
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
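Review bot: After the Psr.yml hunk the entry carries neither a `Notes` nor an `Acknowledgement` key, while every sibling file in this commit and YML-Template.yml now define `Acknowledgement:`; a consumer that indexes that key unconditionally would fail on this entry, and the same holds for Robocopy.yml on this line and Netsh.yml, which only drop their placeholder Notes. If the key is meant to be mandatory, add `Acknowledgement: []` after the Resources list, mirroring the `Code_Sample: []` and `Detection: []` placeholders on the context lines; if it is optional, the template should state that. The loader is not visible here, so whether the absent key actually breaks anything is inferred rather than shown.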
diff --git a/yml/LOLUtilz/OtherBinaries/Gpup.yml b/yml/LOLUtilz/OtherBinaries/Gpup.yml
index ce35964..a704097 100644
--- a/yml/LOLUtilz/OtherBinaries/Gpup.yml
+++ b/yml/LOLUtilz/OtherBinaries/Gpup.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/997892519827558400
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
diff --git a/yml/LOLUtilz/OtherBinaries/Nlnotes.yml b/yml/LOLUtilz/OtherBinaries/Nlnotes.yml
index a66bdba..0e9615e 100644
--- a/yml/LOLUtilz/OtherBinaries/Nlnotes.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nlnotes.yml
@@ -14,4 +14,6 @@ Detection: []
 Resources:
 - https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
 - https://twitter.com/HanseSecure/status/995578436059127808
-Notes: Thanks to Daniel Bohannon - @danielhbohannon
+Acknowledgement:
+ - Person: Daniel Bohannon
+ Handle: '@danielhbohannon'
diff --git a/yml/LOLUtilz/OtherBinaries/Notes.yml b/yml/LOLUtilz/OtherBinaries/Notes.yml
index 79d3bab..479ae55 100644
--- a/yml/LOLUtilz/OtherBinaries/Notes.yml
+++ b/yml/LOLUtilz/OtherBinaries/Notes.yml
@@ -14,4 +14,6 @@ Detection: []
 Resources:
 - https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
 - https://twitter.com/HanseSecure/status/995578436059127808
-Notes: Thanks to Daniel Bohannon - @danielhbohannon
+Acknowledgement:
+ - Person: Daniel Bohannon
+ Handle: '@danielhbohannon'
diff --git a/yml/LOLUtilz/OtherBinaries/Nvudisp.yml b/yml/LOLUtilz/OtherBinaries/Nvudisp.yml
index b421a69..d0d439d 100644
--- a/yml/LOLUtilz/OtherBinaries/Nvudisp.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nvudisp.yml
@@ -23,4 +23,7 @@ Code_Sample: []
 Detection: []
 Resources:
 - http://sysadminconcombre.blogspot.ca/2018/04/run-system-commands-through-nvidia.html
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
+
diff --git a/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml b/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml
index c6cdbeb..f7961f8 100644
--- a/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml
@@ -23,4 +23,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - http://www.hexacorn.com/blog/2017/11/10/reusigned-binaries-living-off-the-signed-land/
-Notes: Thanks to Adam - @hexacorn
+Acknowledgement:
+ - Person: Adam
+ Handle: '@hexacorn'
diff --git a/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml b/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml
index 50e4bfb..f5cf18d 100644
--- a/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml
+++ b/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/994213164484001793
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
diff --git a/yml/LOLUtilz/OtherBinaries/Setup.yml b/yml/LOLUtilz/OtherBinaries/Setup.yml
index d777ed7..0dac609 100644
--- a/yml/LOLUtilz/OtherBinaries/Setup.yml
+++ b/yml/LOLUtilz/OtherBinaries/Setup.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/994381620588236800
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
diff --git a/yml/LOLUtilz/OtherBinaries/Usbinst.yml b/yml/LOLUtilz/OtherBinaries/Usbinst.yml
index abcd144..4c31160 100644
--- a/yml/LOLUtilz/OtherBinaries/Usbinst.yml
+++ b/yml/LOLUtilz/OtherBinaries/Usbinst.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/993514357807108096
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
diff --git a/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml b/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml
index 3702e0f..593dea1 100644
--- a/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml
+++ b/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml
@@ -13,4 +13,6 @@ Code_Sample: []
 Detection: []
 Resources:
 - https://twitter.com/pabraeken/status/993497996179492864
-Notes: Thanks to Pierre-Alexandre Braeken - @pabraeken
+Acknowledgement:
+ - Person: Pierre-Alexandre Braeken
+ Handle: '@pabraeken'
diff --git a/yml/LOLUtilz/OtherScripts/Testxlst.yml b/yml/LOLUtilz/OtherScripts/Testxlst.yml
index 05eb340..029eee3 100644
--- a/yml/LOLUtilz/OtherScripts/Testxlst.yml
+++ b/yml/LOLUtilz/OtherScripts/Testxlst.yml
@@ -25,4 +25,6 @@ Detection: []
 Resources:
 - https://twitter.com/bohops/status/993314069116485632
 - https://github.com/mhammond/pywin32
-Notes: Thanks to Jimmy - @bohops
+Acknowledgement:
+ - Person: Jimmy
+ Handle: '@bohops'
diff --git a/yml/OSLibraries/Advpack.yml b/yml/OSLibraries/Advpack.yml
index 7d61259..cca0d1b 100644
--- a/yml/OSLibraries/Advpack.yml
+++ b/yml/OSLibraries/Advpack.yml
@@ -55,7 +55,7 @@ Resources:
 - Link: https://twitter.com/ItsReallyNick/status/967859147977850880
 - Link: https://twitter.com/bohops/status/974497123101179904
 - Link: https://twitter.com/moriarty_meng/status/977848311603380224
-Acknowledegment:
+Acknowledgement:
 - Person: Jimmy (LaunchINFSection)
 Handle: '@bohops'
 - Person: Fabrizio (RegisterOCX - DLL)
diff --git a/yml/OtherMSBinaries/Cdb.yml b/yml/OtherMSBinaries/Cdb.yml
index 0183c57..db03291 100644
--- a/yml/OtherMSBinaries/Cdb.yml
+++ b/yml/OtherMSBinaries/Cdb.yml
@@ -23,7 +23,7 @@ Resources:
 - Link: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
 - Link: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options
 - Link: https://gist.github.com/mattifestation/94e2b0a9e3fe1ac0a433b5c3e6bd0bda
-Acknoledgement:
+Acknowledgement:
 - Person: Matt Graeber
 Handle: '@mattifestation'
 ---
diff --git a/yml/OtherMSBinaries/Tracker.yml b/yml/OtherMSBinaries/Tracker.yml
index e0c4fc2..700bc28 100644
--- a/yml/OtherMSBinaries/Tracker.yml
+++ b/yml/OtherMSBinaries/Tracker.yml
@@ -29,7 +29,7 @@ Detection:
 Resources:
 - Link: https://twitter.com/subTee/status/793151392185589760
 - Link: https://attack.mitre.org/wiki/Execution
-Acknowledgment:
+Acknowledgement:
 - Person: Casey Smith
 Handle: '@subTee'
 ---