From 65e05aa4d64474a61b6da15f86dce431609dd679 Mon Sep 17 00:00:00 2001 From: Avihay Eldad <46644022+avihayeldad@users.noreply.github.com> Date: Sun, 31 Mar 2024 15:43:00 +0300 Subject: [PATCH] Update Te.yml (#359) Co-authored-by: Wietze --- yml/OtherMSBinaries/Te.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/yml/OtherMSBinaries/Te.yml b/yml/OtherMSBinaries/Te.yml index 1f2f155..33e6de2 100644 --- a/yml/OtherMSBinaries/Te.yml +++ b/yml/OtherMSBinaries/Te.yml @@ -1,7 +1,7 @@ --- Name: te.exe Description: Testing tool included with Microsoft Test Authoring and Execution Framework (TAEF). -Author: 'Oddvar Moe' +Author: Oddvar Moe Created: 2018-05-25 Commands: - Command: te.exe bypass.wsc @@ -11,14 +11,23 @@ Commands: Privileges: User MitreID: T1127 OperatingSystem: Windows + - Command: te.exe test.dll + Description: Execute commands from a DLL file with Test Authoring and Execution Framework (TAEF) tests. See resources section for required structures. + Usecase: Execute DLL file. + Category: Execute + Privileges: User + MitreID: T1127 + OperatingSystem: Windows Full_Path: - Path: no default -Code_Sample: - - Code: Detection: - Sigma: https://github.com/SigmaHQ/sigma/blob/683b63f8184b93c9564c4310d10c571cbe367e1e/rules/windows/process_creation/proc_creation_win_susp_use_of_te_bin.yml Resources: - - Link: https://twitter.com/gn3mes1s/status/927680266390384640?lang=bg + - Link: https://twitter.com/gn3mes1s/status/927680266390384640 + - Link: https://github.com/LOLBAS-Project/LOLBAS/pull/359 + - Link: https://learn.microsoft.com/en-us/windows-hardware/drivers/taef/authoring-tests Acknowledgement: - Person: Giuseppe N3mes1s Handle: '@gN3mes1s' + - Person: Avihay Eldad + Handle: '@AvihayEldad'
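Review bot: In the second hunk, the new `te.exe test.dll` command is added while the `Detection:` block stays as unchanged context, so the only detection listed is still the Sigma rule `proc_creation_win_susp_use_of_te_bin.yml`, which was already there when the entry covered only `te.exe bypass.wsc`. Please confirm that the rule also matches te.exe launched with a DLL argument, or add a detection reference that covers it, so defenders reading the entry are not left assuming coverage for the new technique. Two smaller points on the same hunk: the Description says "See resources section for required structures" without saying which of the three links holds them, so naming the learn.microsoft.com authoring-tests link there would help; and `Usecase: Execute DLL file.` is terse next to the Description and could say that the DLL has to contain TAEF tests.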