public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-25 19:53:08 +02:00
Code Issues Projects Releases Wiki Activity

Update Appcert.yml Tags

Browse Source 
Added Tags:
Execute EXE
Execute MSI
This commit is contained in:
hegusung
2024-10-13 21:25:16 +02:00
committed by GitHub
parent 8fc6995678
commit f4cd4d0bd1
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OtherMSBinaries/Appcert.yml
View File

@@ -11,6 +11,8 @@ Commands:
Privileges: Administrator
MitreID: T1127
OperatingSystem: Windows
Tags:
- Execute: EXE
- Command: appcert.exe test -apptype desktop -setuppath c:\users\public\malicious.msi -setupcommandline /q -reportoutputpath c:\users\public\output.xml
Description: Install an MSI file via an msiexec instance spawned via appcert.exe as parent process.
Usecase: Execute custom made MSI file with malicious code
@@ -18,6 +20,8 @@ Commands:
Privileges: Administrator
MitreID: T1218.007
OperatingSystem: Windows
Tags:
- Execute: MSI
Full_Path:
- Path: C:\Program Files (x86)\Windows Kits\10\App Certification Kit\appcert.exe
- Path: C:\Program Files\Windows Kits\10\App Certification Kit\appcert.exe