mirror of
				https://github.com/LOLBAS-Project/LOLBAS
				synced 2025-10-25 23:05:58 +02:00 
			
		
		
		
	Remove % from Update.yml
This commit is contained in:
		| @@ -5,7 +5,7 @@ Author: 'Mr.Un1k0d3r' | ||||
| Created: '2019-06-26' | ||||
| Commands: | ||||
|   - Command: Update.exe --processStart payload.exe --process-start-args "whatever args" | ||||
|     Description: Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied. | ||||
|     Description: Copy your payload into userprofile\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied. | ||||
|     Usecase: Application Whitelisting Bypass | ||||
|     Category: AWL Bypass | ||||
|     Privileges: User | ||||
| @@ -13,7 +13,7 @@ Commands: | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1218 | ||||
|     OperatingSystem: Windows 7 and up with Microsoft Teams installed | ||||
|   - Command: Update.exe --processStart payload.exe --process-start-args "whatever args" | ||||
|     Description: Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied. | ||||
|     Description: Copy your payload into userprofile\AppData\Local\Microsoft\Teams\current\. Then run the command. Update.exe will execute the file you copied. | ||||
|     Usecase: Execute binary | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
| @@ -21,7 +21,7 @@ Commands: | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1218 | ||||
|     OperatingSystem: Windows 7 and up with Microsoft Teams installed | ||||
| Full_Path: | ||||
|   - Path: '%userprofile%\AppData\Local\Microsoft\Teams\Update.exe' | ||||
|   - Path: userprofile\AppData\Local\Microsoft\Teams\Update.exe | ||||
| Detection:  | ||||
|   - IOC: Update.exe spawned an unknown process | ||||
| Resources: | ||||
|   | ||||
		Reference in New Issue
	
	Block a user