Major changes to Web portal - Small fixes to source files to adjust

2025-07-27 12:42:19 +02:00 · 2018-12-10 14:28:12 +01:00
parent 2b77add5b4
commit 94368c1e69
113 changed files with 233 additions and 232 deletions
--- a/yml/LOLUtilz/OtherBinaries/AcroRd32.yml
+++ b/yml/LOLUtilz/OtherBinaries/AcroRd32.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Replace C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe by your binary
    Description: Hijack RdrCEF.exe with a payload executable to launch when opening Adobe
-Full Path:
+Full_Path:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/997997818362155008
--- a/yml/LOLUtilz/OtherBinaries/Gpup.yml
+++ b/yml/LOLUtilz/OtherBinaries/Gpup.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Gpup.exe -w whatever -e c:\Windows\System32\calc.exe
    Description: Execute another command through gpup.exe (Notepad++ binary).
-Full Path:
+Full_Path:
  - 'C:\Program Files (x86)\Notepad++\updater\gpup.exe    '
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/997892519827558400
--- a/yml/LOLUtilz/OtherBinaries/Nlnotes.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nlnotes.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: NLNOTES.EXE /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
    Description: Run PowerShell via LotusNotes.
-Full Path:
+Full_Path:
  - C:\Program Files (x86)\IBM\Lotus\Notes\Notes.exe
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
--- a/yml/LOLUtilz/OtherBinaries/Notes.yml
+++ b/yml/LOLUtilz/OtherBinaries/Notes.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Notes.exe "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
    Description: Run PowerShell via LotusNotes.
-Full Path:
+Full_Path:
  - C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
--- a/yml/LOLUtilz/OtherBinaries/Nvudisp.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nvudisp.yml
@@ -17,9 +17,9 @@ Commands:
    Description: Kill a process.
  - Command: Nvudisp.exe Run foo
    Description: Run process
-Full Path:
+Full_Path:
  - C:\windows\system32\nvuDisp.exe
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - http://sysadminconcombre.blogspot.ca/2018/04/run-system-commands-through-nvidia.html
--- a/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml
+++ b/yml/LOLUtilz/OtherBinaries/Nvuhda6.yml
@@ -17,9 +17,9 @@ Commands:
    Description: Kill a process.
  - Command: nvuhda6.exe Run foo
    Description: Run process
-Full Path:
+Full_Path:
  - Missing
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - http://www.hexacorn.com/blog/2017/11/10/reusigned-binaries-living-off-the-signed-land/
--- a/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml
+++ b/yml/LOLUtilz/OtherBinaries/ROCCAT_Swarm.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Replace ROCCAT_Swarm_Monitor.exe with your binary.exe
    Description: Hijack ROCCAT_Swarm_Monitor.exe and launch payload when executing ROCCAT_Swarm.exe
-Full Path:
+Full_Path:
  - C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/994213164484001793
--- a/yml/LOLUtilz/OtherBinaries/Setup.yml
+++ b/yml/LOLUtilz/OtherBinaries/Setup.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Run Setup.exe
    Description: Hijack hpbcsiServiceMarshaller.exe and run Setup.exe to launch a payload.
-Full Path:
+Full_Path:
  - C:\LJ-Ent-700-color-MFP-M775-Full-Solution-15315
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/994381620588236800
--- a/yml/LOLUtilz/OtherBinaries/Usbinst.yml
+++ b/yml/LOLUtilz/OtherBinaries/Usbinst.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: Usbinst.exe InstallHinfSection "DefaultInstall 128 c:\temp\calc.inf"
    Description: Execute calc.exe through DefaultInstall Section Directive in INF file.
-Full Path:
+Full_Path:
  - C:\Program Files (x86)\Citrix\ICA Client\Drivers64\Usbinst.exe
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/993514357807108096
--- a/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml
+++ b/yml/LOLUtilz/OtherBinaries/VBoxDrvInst.yml
@@ -7,9 +7,9 @@ Categories: []
 Commands:
  - Command: VBoxDrvInst.exe driver executeinf c:\temp\calc.inf
    Description: Set registry key-value for persistance via INF file call through VBoxDrvInst.exe
-Full Path:
+Full_Path:
  - C:\Program Files\Oracle\VirtualBox Guest Additions
-Code Sample: []
+Code_Sample: []
 Detection: []
 Resources:
  - https://twitter.com/pabraeken/status/993497996179492864