mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
Fixed a few categories
This commit is contained in:
parent
bac3b9e56c
commit
f8e9ac5a0a
@ -23,7 +23,7 @@ Commands:
- Command: rundll32.exe advpack.dll,RegisterOCX test.dll
Description: Launch a DLL payload by calling the RegisterOCX function.
UseCase: Load a DLL payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
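Review bot: the `MItreLink:` key in this block's trailing context is miscapitalised compared with `MitreLink:` in the setupapi and syssetup entries later in this commit; since the commit already touches the `Category:` line two lines above it, fixing the key here (and in the other advpack and ieadvpack command blocks) would keep the key set uniform, otherwise a consumer that reads `MitreLink` silently gets no link for these entries.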
@ -31,14 +31,14 @@ Commands:
- Command: rundll32.exe advpack.dll,RegisterOCX calc.exe
Description: Launch an executable by calling the RegisterOCX function.
UseCase: Run an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
- Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"
Description: Launch command line by calling the RegisterOCX function.
UseCase: Run an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
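Review bot: the third command in this hunk (`rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"`) keeps `UseCase: Run an executable payload.`, identical to the second command, even though its Description says it launches a command line; while the category line is being edited, a UseCase such as "Run a command line" would make the two entries distinguishable.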
@ -55,7 +55,7 @@ Resources:
- Link: https://twitter.com/ItsReallyNick/status/967859147977850880
- Link: https://twitter.com/bohops/status/974497123101179904
- Link: https://twitter.com/moriarty_meng/status/977848311603380224
Acknowledgment:
Acknowledegment:
- Person: Jimmy (LaunchINFSection)
Handle: '@bohops'
- Person: Fabrizio (RegisterOCX - DLL)

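Review bot: the replacement line `Acknowledegment:` is misspelled; every other file in this commit renames the key to `Acknowledgement:`, so this entry ends up with a third spelling of the key and will not match whatever the other files now match on. Change the added line to `Acknowledgement:`.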
@ -23,7 +23,7 @@ Commands:
- Command: rundll32.exe ieadvpack.dll,RegisterOCX test.dll
Description: Launch a DLL payload by calling the RegisterOCX function.
UseCase: Load a DLL payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -31,14 +31,14 @@ Commands:
- Command: rundll32.exe ieadvpack.dll,RegisterOCX calc.exe
Description: Launch an executable by calling the RegisterOCX function.
UseCase: Run an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
- Command: rundll32 ieadvpack.dll, RegisterOCX "cmd.exe /c calc.exe"
Description: Launch command line by calling the RegisterOCX function.
UseCase: Run an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MItreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -54,7 +54,7 @@ Resources:
- Link: https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/
- Link: https://twitter.com/pabraeken/status/991695411902599168
- Link: https://twitter.com/0rbz_/status/974472392012689408
Acknowledgment:
Acknowledgement:
- Person: Jimmy (LaunchINFSection)
Handle: '@bohops'
- Person: Fabrizio (RegisterOCX - DLL)

@ -24,9 +24,10 @@ Resources:
- Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/
- Link: https://twitter.com/bohops/status/997690405092290561
- Link: https://windows10dll.nirsoft.net/ieframe_dll.html
Acknowledgment:
Acknowledgement:
- Person: Jimmy
Handle: '@bohops'
- Person: Adam
Handle: '@hexacorn'
---

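Review bot: renaming the `Acknowledgment:` key to `Acknowledgement:` here (and `Category: Execution` to `Category: Execute` in the earlier hunks) changes YAML key names and values that anything consuming these files keys on, yet the commit message says only "Fixed a few categories" and no hunk in the diff updates a schema or the code that reads these keys. Either include that update in the same commit or state in the message which spelling is now canonical; a plain YAML loader will not reject the old key, it just stops being read.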
@ -22,7 +22,7 @@ Detection:
Resources:
- Link: https://twitter.com/pabraeken/status/998567549670477824
- Link: https://windows10dll.nirsoft.net/mshtml_dll.html
Acknowledgment:
Acknowledgement:
- Person: Pierre-Alexandre Braeken
Handle: '@pabraeken'
---

@ -22,6 +22,6 @@ Detection:
Resources:
- Link: https://twitter.com/harr0ey/status/989617817849876488
- Link: https://windows10dll.nirsoft.net/pcwutl_dll.html
Acknowledgment:
Acknowledgement:
- Person: Matt harr0ey
Handle: '@harr0ey'

@ -15,7 +15,7 @@ Commands:
- Command: rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\\Tools\\calc_exe.inf
Description: Launch an executable file via the InstallHinfSection function and .inf file section directive.
UseCase: Load an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
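Review bot: the `Command:` line in this block's leading context carries the path `C:\\Tools\\calc_exe.inf` in an unquoted YAML scalar, where `\\` is literal, so the rendered command shows doubled separators; the syssetup entry later in this commit writes `c:\temp\something.inf` with single backslashes. While this block is being edited, normalise to single backslashes (or double-quote the scalar) so both InstallHinfSection-style examples are consistent and copy-paste correct.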
@ -34,7 +34,7 @@ Resources:
- Link: https://github.com/huntresslabs/evading-autoruns
- Link: https://twitter.com/pabraeken/status/994742106852941825
- Link: https://windows10dll.nirsoft.net/setupapi_dll.html
Acknowledgment:
Acknowledgement:
- Person: Kyle Hanslovan (COM Scriptlet)
Handle: '@KyleHanslovan'
- Person: Huntress Labs (COM Scriptlet)

@ -24,7 +24,7 @@ Resources:
- Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/
- Link: https://twitter.com/bohops/status/997690405092290561
- Link: https://windows10dll.nirsoft.net/shdocvw_dll.html
Acknowledgment:
Acknowledgement:
- Person: Adam
Handle: '@hexacorn'
- Person: Jimmy

@ -39,7 +39,7 @@ Resources:
- Link: https://twitter.com/mattifestation/status/776574940128485376
- Link: https://twitter.com/KyleHanslovan/status/905189665120149506
- Link: https://windows10dll.nirsoft.net/shell32_dll.html
Acknowledgment:
Acknowledgement:
- Person: Adam (Control_RunDLL)
Handle: '@hexacorn'
- Person: Pierre-Alexandre Braeken (ShellExec_RunDLL)

@ -15,7 +15,7 @@ Commands:
- Command: rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\something.inf
Description: Launch an executable file via the SetupInfObjectInstallAction function and .inf file section directive.
UseCase: Load an executable payload.
Category: Execution
Category: Execute
Privileges: User
MitreID: T1085
MitreLink: https://attack.mitre.org/wiki/Technique/T1085
@ -34,7 +34,7 @@ Resources:
- Link: https://twitter.com/harr0ey/status/975350238184697857
- Link: https://twitter.com/bohops/status/975549525938135040
- Link: https://windows10dll.nirsoft.net/syssetup_dll.html
Acknowledgment:
Acknowledgement:
- Person: Pierre-Alexandre Braeken (Execute)
Handle: '@pabraeken'
- Person: Matt harr0ey (Execute)

@ -66,7 +66,7 @@ Resources:
- Link: https://twitter.com/yeyint_mth/status/997355558070927360
- Link: https://twitter.com/Hexacorn/status/974063407321223168
- Link: https://windows10dll.nirsoft.net/url_dll.html
Acknowledgment:
Acknowledgement:
- Person: Adam (OpenURL)
Handle: '@hexacorn'
- Person: Jimmy (OpenURL)

@ -31,7 +31,7 @@ Resources:
- Link: https://twitter.com/moriarty_meng/status/977848311603380224
- Link: https://twitter.com/bohops/status/997896811904929792
- Link: https://windows10dll.nirsoft.net/zipfldr_dll.html
Acknowledgment:
Acknowledgement:
- Person: Moriarty (Execution)
Handle: '@moriarty_meng'
- Person: r0lan (Obfuscation)
