public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity

DevTunnels - Other MS Binary for Data Exfiltration (#327)

Browse Source 
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Priviliges
This commit is contained in:
Kamran Saifullah - Frog Man
2023-10-15 01:05:54 +03:00
committed by GitHub
parent fa3b5ed33c
commit b13eb6f4fd
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
yml/OtherMSBinaries/devtunnels.yml Normal file
View File

@@ -0,0 +1,26 @@
---
Name: devtunnel.exe
Description: Binary to enable forwarded ports on windows operating systems.
Author: Kamran Saifullah
Created: 2023-09-16
Commands:
- Command: devtunnel.exe host -p 8080
Description: Enabling a forwarded port for locally hosted service at port 8080 to be exposed on the internet.
Usecase: Download Files, Upload Files, Data Exfiltration
Category: Download
Privileges: User
MitreID: T1105
OperatingSystem: Windows 10, Windows 11, MacOS
Full_Path:
- Path: C:\Users\<username>\AppData\Local\Temp\.net\devtunnel\
- Path: C:\Users\<username>\AppData\Local\Temp\DevTunnels
Detection:
- IOC: devtunnel.exe binary spawned
- IOC: '*.devtunnels.ms'
- IOC: '*.*.devtunnels.ms'
- Analysis: https://cydefops.com/vscode-data-exfiltration
Resources:
- Link: https://code.visualstudio.com/docs/editor/port-forwarding
Acknowledgement:
- Person: Kamran Saifullah
Handle: '@deFr0ggy'