Several LOLBINs additions & modifications (#192)

Co-authored-by: Wietze <wietze@users.noreply.github.com>
2025-07-27 12:42:19 +02:00 · 2023-03-31 08:46:21 -04:00
parent a9046ecb85
commit 787c87470e
8 changed files with 102 additions and 10 deletions
--- a/yml/OtherMSBinaries/Cdb.yml
+++ b/yml/OtherMSBinaries/Cdb.yml
@@ -1,7 +1,7 @@
 ---
 Name: Cdb.exe
 Description: Debugging tool included with Windows Debugging Tools.
-Author: 'Oddvar Moe'
+Author: Oddvar Moe
 Created: 2018-05-25
 Commands:
  - Command: cdb.exe -cf x64_calc.wds -o notepad.exe
@@ -12,8 +12,8 @@ Commands:
    MitreID: T1127
    OperatingSystem: Windows
  - Command: |
-     cdb.exe -pd -pn <process_name>
-     .shell <cmd>
+      cdb.exe -pd -pn <process_name>
+      .shell <cmd>
    Description: Attaching to any process and executing shell commands.
    Usecase: Run a shell command under a trusted Microsoft signed binary
    Category: Execute
@@ -41,7 +41,7 @@ Resources:
  - Link: http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
  - Link: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/cdb-command-line-options
  - Link: https://gist.github.com/mattifestation/94e2b0a9e3fe1ac0a433b5c3e6bd0bda
-  - Link: https://blog.thecybersecuritytutor.com/the-power-of-cdb-debugging-tool/
+  - Link: https://mrd0x.com/the-power-of-cdb-debugging-tool/
  - Link: https://twitter.com/nas_bench/status/1534957360032120833
 Acknowledgement:
  - Person: Matt Graeber