Major changes to Web portal - Small fixes to source files to adjust

Oddvar Moe
2018-12-10 14:28:12 +01:00
parent 2b77add5b4
commit 94368c1e69
113 changed files with 233 additions and 232 deletions

@@ -12,11 +12,11 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\diagnostics\system\WindowsUpdate\CL_Mutexverifiers.ps1
- Path: C:\Windows\diagnostics\system\Audio\CL_Mutexverifiers.ps1
- Path: C:\Windows\diagnostics\system\WindowsUpdate\CL_Mutexverifiers.ps1
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
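
Review bot: The Full_Path list names C:\Windows\diagnostics\system\WindowsUpdate\CL_Mutexverifiers.ps1 twice (first and third Path entries), and this commit carries the duplicate over unchanged. Drop one of them, or, if the first entry was meant to be a different diagnostics directory, replace it with the correct path so that detections keyed on these paths cover every copy of the script.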

@@ -12,11 +12,11 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\diagnostics\system\AERO\CL_Invocation.ps1
- Path: C:\Windows\diagnostics\system\Audio\CL_Invocation.ps1
- Path: C:\Windows\diagnostics\system\WindowsUpdate\CL_Invocation.ps1
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
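
Review bot: "- Code:" under Code_Sample and "- IOC:" under Detection are list items with no value, which YAML loads as a one-element list holding null rather than as an empty list. Since the keys are being renamed for the web portal in this commit, either remove the empty items or confirm that the portal template skips null entries.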

@@ -20,9 +20,9 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\System32\manage-bde.wsf
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC: Manage-bde.wsf should normally not be invoked by a user
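
Review bot: Renaming "Full Path" to "Full_Path" and "Code Sample" to "Code_Sample" changes the schema of every entry, so any file that is missed keeps the old keys and a consumer looking for the new ones will find nothing there. With 113 files touched, a check over all YAML files that rejects the old key names would be worth adding alongside this change.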

@@ -12,10 +12,10 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\System32\Printing_Admin_Scripts\en-US\pubprn.vbs
- Path: C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs
Code Sample:
Code_Sample:
- Code: https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSScripts/Payload/Pubprn_calc.sct
Detection:
- IOC:
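
Review bot: The Code_Sample URL points at the master branch under OSScripts/Payload/, so the link breaks as soon as that directory is moved or renamed in a later restructuring. Consider a path relative to the repository root or a link pinned to a specific commit.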

@@ -12,10 +12,10 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\System32\slmgr.vbs
- Path: C:\Windows\SysWOW64\slmgr.vbs
Code Sample:
Code_Sample:
- Code: https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSScripts/Payload/Slmgr_calc.sct
- Code: https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSScripts/Payload/Slmgr.reg
Detection:

@@ -12,9 +12,9 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\System32\SyncAppvPublishingServer.vbs
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
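
Review bot: MitreLink in the context lines still uses the https://attack.mitre.org/wiki/Technique/T1216 form. Since every entry is being touched for the portal anyway, check that this URL form still resolves to the T1216 page and update it across the files if it does not.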

@@ -36,10 +36,10 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: C:\Windows\System32\winrm.vbs
- Path: C:\Windows\SysWOW64\winrm.vbs
Code Sample:
Code_Sample:
- Code: https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSScripts/Payload/Slmgr.reg
- Code: https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSScripts/Payload/Slmgr_calc.sct
Detection:
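
Review bot: The Code_Sample entries for winrm.vbs link to Slmgr.reg and Slmgr_calc.sct, the same two payload files the slmgr.vbs entry uses. If the reuse is intentional, a short Description next to the links would make that clear; if it is a copy-paste leftover, point them at the winrm-specific samples instead.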

@@ -12,10 +12,10 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
Full_Path:
- Path: c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat
- Path: c:\Program Files\WindowsPowerShell\Modules\Pester\*\bin\Pester.bat
Code Sample:
Code_Sample:
- Code:
Detection:
- IOC:
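
Review bot: The two Full_Path entries overlap, because "Pester\*\bin\Pester.bat" already covers "Pester\3.4.0\bin\Pester.bat", and the wildcard is not a literal path, so any consumer that treats Path as an exact file location will mishandle it. Keep one form and document that "*" stands for the module version; also note that the drive letter here is lowercase "c:" while the other entries use "C:", which matters for case-sensitive string matching.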