From ce907b4e5c52b8556ec0db85bee0ad3fdf9a57ac Mon Sep 17 00:00:00 2001
From: hegusung <7390383+hegusung@users.noreply.github.com>
Date: Sun, 13 Oct 2024 16:45:00 +0200
Subject: [PATCH] Update Regsvcs.yml Tags

Changed DLL to .NetDLL
---
 yml/OSBinaries/Regsvcs.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/yml/OSBinaries/Regsvcs.yml b/yml/OSBinaries/Regsvcs.yml
index 3a65a66..1e6d760 100644
--- a/yml/OSBinaries/Regsvcs.yml
+++ b/yml/OSBinaries/Regsvcs.yml
@@ -5,25 +5,23 @@ Author: 'Oddvar Moe'
 Created: 2018-05-25
 Commands:
   - Command: regsvcs.exe AllTheThingsx64.dll
-    Description: Loads the target .DLL file and executes the RegisterClass function.
+    Description: Loads the target .Net DLL file and executes the RegisterClass function.
     Usecase: Execute dll file and bypass Application whitelisting
     Category: Execute
     Privileges: User
     MitreID: T1218.009
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
     Tags:
-      - Execute: DLL
-      - Input: Custom Format
+      - Execute: .NetDLL
   - Command: regsvcs.exe AllTheThingsx64.dll
-    Description: Loads the target .DLL file and executes the RegisterClass function.
+    Description: Loads the target .Net DLL file and executes the RegisterClass function.
     Usecase: Execute dll file and bypass Application whitelisting
     Category: AWL Bypass
     Privileges: Local Admin
     MitreID: T1218.009
     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
     Tags:
-      - Execute: DLL
-      - Input: Custom Format
+      - Execute: .NetDLL
 Full_Path:
   - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe
   - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe