Major changes to Web portal - Small fixes to source files to adjust

Oddvar Moe
2018-12-10 14:28:12 +01:00
parent 2b77add5b4
commit 94368c1e69
113 changed files with 233 additions and 232 deletions

View File

@@ -42,10 +42,10 @@ Commands:
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
Full Path:
Full_Path:
- Path: c:\windows\system32\advpack.dll
- Path: c:\windows\syswow64\advpack.dll
Code Sample:
Code_Sample:
- Code: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io/blob/master/_lolbas/Libraries/Payload/Advpack.inf
- Code: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io/blob/master/_lolbas/Libraries/Payload/Advpack_calc.sct
Detection:
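Review bot: the rename of `Full Path:` to `Full_Path:` and `Code Sample:` to `Code_Sample:` in this hunk is only safe if every entry and every consumer switches together. With 113 files touched, an entry that keeps the old spelling would still parse without error and simply lose its paths and samples. Suggest adding a build check that fails on the old keys `Full Path` and `Code Sample`, so a missed file is caught before publishing.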

View File

@@ -42,10 +42,10 @@ Commands:
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
Full Path:
Full_Path:
- Path: c:\windows\system32\ieadvpack.dll
- Path: c:\windows\syswow64\ieadvpack.dll
Code Sample:
Code_Sample:
- Code: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io/blob/master/_lolbas/Libraries/Payload/Ieadvpack.inf
- Code: https://github.com/LOLBAS-Project/LOLBAS-Project.github.io/blob/master/_lolbas/Libraries/Payload/Ieadvpack_calc.sct
Detection:
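Review bot: both `Code:` values under `Code_Sample:` link to `blob/master/_lolbas/Libraries/Payload/...`, which follows the branch rather than a fixed revision, so the links break or change meaning as soon as the payload files are moved or edited. Since this commit is already adjusting the source files, consider linking by commit permalink so the entry keeps pointing at the file that was reviewed.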

View File

@@ -12,10 +12,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\ieframe.dll
- Path: c:\windows\syswow64\ieframe.dll
Code Sample:
Code_Sample:
- Code: https://gist.githubusercontent.com/bohops/89d7b11fa32062cfe31be9fdb18f050e/raw/1206a613a6621da21e7fd164b80a7ff01c5b64ab/calc.url
Detection:
- IOC:
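Review bot: the context line `MItreLink:` (capital I) is left as is while the two keys below it are normalized, and the setupapi.dll and syssetup.dll entries in this same commit spell it `MitreLink:`. YAML keys are case-sensitive, so a consumer reading one spelling gets nothing for the other. Suggest renaming it to `MitreLink:` here and in the other entries that carry the same typo.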

View File

@@ -12,10 +12,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\mshtml.dll
- Path: c:\windows\syswow64\mshtml.dll
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
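Review bot: `Code_Sample:` is renamed here but still holds a single `- Code:` item with no value, and `Detection:` has the same shape with `- IOC:`. Each parses as a one-element list whose value is null, so the portal has to guard against rendering an empty sample or indicator. If there is nothing to list yet, dropping the item or using an empty list states that directly.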

View File

@@ -12,10 +12,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\pcwutl.dll
- Path: c:\windows\syswow64\pcwutl.dll
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
@@ -25,3 +25,4 @@ Resources:
Acknowledgement:
- Person: Matt harr0ey
Handle: '@harr0ey'
---
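Review bot: the `---` line after the `Acknowledgement:` block is the only place on this page where a hunk reaches the end of a file, so it is not visible whether the other entries end with the same terminator. If the portal depends on it, apply it to all entries in this commit rather than file by file.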

View File

@@ -20,10 +20,10 @@ Commands:
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\setupapi.dll
- Path: c:\windows\syswow64\setupapi.dll
Code Sample:
Code_Sample:
- Code: https://raw.githubusercontent.com/huntresslabs/evading-autoruns/master/shady.inf
- Code: https://gist.github.com/enigma0x3/469d82d1b7ecaf84f4fb9e6c392d25ba#file-backdoor-minimalist-sct
- Code: https://gist.githubusercontent.com/enigma0x3/469d82d1b7ecaf84f4fb9e6c392d25ba/raw/6cb52b88bcc929f5555cd302d9ed848b7e407052/Backdoor-Minimalist.sct
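Review bot: the second and third `Code:` entries under `Code_Sample:` reference the same gist (`enigma0x3/469d82d1b7ecaf84f4fb9e6c392d25ba`), once as the gist page with a file fragment and once as a raw URL fixed to a revision. Keeping only the revision-fixed raw link would remove the duplicate and leave the one whose content cannot change after review.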

View File

@@ -12,10 +12,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\shdocvw.dll
- Path: c:\windows\syswow64\shdocvw.dll
Code Sample:
Code_Sample:
- Code: https://gist.githubusercontent.com/bohops/89d7b11fa32062cfe31be9fdb18f050e/raw/1206a613a6621da21e7fd164b80a7ff01c5b64ab/calc.url
Detection:
- IOC:

View File

@@ -26,10 +26,10 @@ Commands:
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
Full Path:
Full_Path:
- Path: c:\windows\system32\shell32.dll
- Path: c:\windows\syswow64\shell32.dll
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:

View File

@@ -20,10 +20,10 @@ Commands:
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\syssetup.dll
- Path: c:\windows\syswow64\syssetup.dll
Code Sample:
Code_Sample:
- Code: https://raw.githubusercontent.com/huntresslabs/evading-autoruns/master/shady.inf
- Code: https://gist.github.com/enigma0x3/469d82d1b7ecaf84f4fb9e6c392d25ba#file-backdoor-minimalist-sct
- Code: https://gist.github.com/homjxi0e/87b29da0d4f504cb675bb1140a931415
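Review bot: none of the three `Code:` links under `Code_Sample:` is fixed to a revision: `shady.inf` is read from `master` and the two gist links point at the gist pages, so the content behind them can change after this entry was reviewed. The setupapi.dll entry already uses a raw gist URL that includes the revision hash; using that form here would keep the references stable.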

View File

@@ -52,10 +52,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\url.dll
- Path: c:\windows\syswow64\url.dll
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:

View File

@@ -20,10 +20,10 @@ Commands:
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
OperatingSystem: Windows
Full Path:
Full_Path:
- Path: c:\windows\system32\zipfldr.dll
- Path: c:\windows\syswow64\zipfldr.dll
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC: