mirror of https://github.com/LOLBAS-Project/LOLBAS, synced 2025-10-25 14:55:19 +02:00

	Fixed a few categories
		| @@ -23,7 +23,7 @@ Commands: | ||||
|   - Command: rundll32.exe advpack.dll,RegisterOCX test.dll | ||||
|     Description: Launch a DLL payload by calling the RegisterOCX function. | ||||
|     UseCase: Load a DLL payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
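Review bot: the key on the last context line of this hunk is spelled `MItreLink` (capital I), while the setupapi.dll and syssetup.dll entries touched by this same commit spell it `MitreLink`. YAML keys are case-sensitive, so anything that reads `MitreLink` will not find the link for this command. Since the commit is already normalising fields in this file, rename the key here and on the two commands of the next hunk.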
| @@ -31,14 +31,14 @@ Commands: | ||||
|   - Command: rundll32.exe advpack.dll,RegisterOCX calc.exe | ||||
|     Description: Launch an executable by calling the RegisterOCX function. | ||||
|     UseCase: Run an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
|   - Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe" | ||||
|     Description: Launch command line by calling the RegisterOCX function. | ||||
|     UseCase: Run an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
| @@ -55,7 +55,7 @@ Resources: | ||||
|   - Link: https://twitter.com/ItsReallyNick/status/967859147977850880 | ||||
|   - Link: https://twitter.com/bohops/status/974497123101179904 | ||||
|   - Link: https://twitter.com/moriarty_meng/status/977848311603380224 | ||||
| Acknowledgment: | ||||
| Acknowledegment: | ||||
|   - Person: Jimmy (LaunchINFSection) | ||||
|     Handle: '@bohops' | ||||
|   - Person: Fabrizio (RegisterOCX - DLL) | ||||
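Review bot: the replacement key in this hunk reads `Acknowledegment:`, which is misspelled; every other file in this commit uses `Acknowledgement:`. A consumer that looks up the renamed key will silently drop the credits for this entry. Change it to `Acknowledgement:`, and mention the key rename in the commit message, which currently refers only to categories.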
|   | ||||
| @@ -23,7 +23,7 @@ Commands: | ||||
|   - Command: rundll32.exe ieadvpack.dll,RegisterOCX test.dll | ||||
|     Description: Launch a DLL payload by calling the RegisterOCX function. | ||||
|     UseCase: Load a DLL payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
| @@ -31,14 +31,14 @@ Commands: | ||||
|   - Command: rundll32.exe ieadvpack.dll,RegisterOCX calc.exe | ||||
|     Description: Launch an executable by calling the RegisterOCX function. | ||||
|     UseCase: Run an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
|   - Command: rundll32 ieadvpack.dll, RegisterOCX "cmd.exe /c calc.exe" | ||||
|     Description: Launch command line by calling the RegisterOCX function. | ||||
|     UseCase: Run an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MItreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
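Review bot: the third command in this hunk, the `cmd.exe /c calc.exe` variant, carries the same UseCase text as the command above it (`Run an executable payload.`) although its Description says it launches a command line. Someone filtering the catalogue by use case cannot tell the two apart; give it a UseCase that reflects command-line execution. The `MItreLink` key on the context lines also differs in case from the `MitreLink` spelling used in the setupapi.dll and syssetup.dll entries.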
| @@ -54,7 +54,7 @@ Resources: | ||||
|   - Link: https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/ | ||||
|   - Link: https://twitter.com/pabraeken/status/991695411902599168 | ||||
|   - Link: https://twitter.com/0rbz_/status/974472392012689408 | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Jimmy (LaunchINFSection) | ||||
|     Handle: '@bohops' | ||||
|   - Person: Fabrizio (RegisterOCX - DLL) | ||||
|   | ||||
| @@ -24,9 +24,10 @@ Resources: | ||||
|   - Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/ | ||||
|   - Link: https://twitter.com/bohops/status/997690405092290561 | ||||
|   - Link: https://windows10dll.nirsoft.net/ieframe_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Jimmy | ||||
|     Handle: '@bohops' | ||||
|   - Person: Adam | ||||
|     Handle: '@hexacorn' | ||||
| --- | ||||
|  | ||||
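Review bot: the hunk header grows this region from 9 to 10 lines, and the only extra row is the empty one after the `---` terminator at the end of the hunk. That looks like an unrelated trailing blank line riding along with the key rename. Drop it, or add it consistently, since the mshtml.dll entry in this commit still ends directly at `---`.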
|   | ||||
| @@ -22,7 +22,7 @@ Detection: | ||||
| Resources: | ||||
|   - Link: https://twitter.com/pabraeken/status/998567549670477824 | ||||
|   - Link: https://windows10dll.nirsoft.net/mshtml_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Pierre-Alexandre Braeken | ||||
|     Handle: '@pabraeken' | ||||
| --- | ||||
|   | ||||
| @@ -22,6 +22,6 @@ Detection: | ||||
| Resources: | ||||
|   - Link: https://twitter.com/harr0ey/status/989617817849876488 | ||||
|   - Link: https://windows10dll.nirsoft.net/pcwutl_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Matt harr0ey | ||||
|     Handle: '@harr0ey' | ||||
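Review bot: this entry ends at the `Handle:` line with no `---` terminator after it (only two context lines follow the changed key), whereas the ieframe.dll and mshtml.dll entries in this commit close with `---`. Pick one convention for the end of the file and apply it here as well.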
|   | ||||
| @@ -15,7 +15,7 @@ Commands: | ||||
|   - Command: rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\\Tools\\calc_exe.inf | ||||
|     Description: Launch an executable file via the InstallHinfSection function and .inf file section directive. | ||||
|     UseCase: Load an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
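Review bot: the Command on the first context line writes the path as `C:\\Tools\\calc_exe.inf` with doubled backslashes, but the value is an unquoted YAML scalar, where backslashes are literal. The documented command line therefore carries the doubled separators verbatim, unlike the syssetup.dll entry in this commit, which uses `c:\temp\something.inf`. Use single backslashes so the two entries match.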
| @@ -34,7 +34,7 @@ Resources: | ||||
|   - Link: https://github.com/huntresslabs/evading-autoruns | ||||
|   - Link: https://twitter.com/pabraeken/status/994742106852941825 | ||||
|   - Link: https://windows10dll.nirsoft.net/setupapi_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Kyle Hanslovan (COM Scriptlet) | ||||
|     Handle: '@KyleHanslovan' | ||||
|   - Person:  Huntress Labs (COM Scriptlet) | ||||
|   | ||||
| @@ -24,7 +24,7 @@ Resources: | ||||
|     - Link: https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/ | ||||
|     - Link: https://twitter.com/bohops/status/997690405092290561 | ||||
|     - Link: https://windows10dll.nirsoft.net/shdocvw_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Adam | ||||
|     Handle: '@hexacorn' | ||||
|   - Person: Jimmy | ||||
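Review bot: the three `- Link:` items in the context above the changed key are indented four spaces under `Resources:`, while the `- Person:` items in the same hunk and the Link lists in the other files of this commit use two. It still parses, but normalise it to two spaces while this block is being edited.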
|   | ||||
| @@ -39,7 +39,7 @@ Resources: | ||||
|   - Link: https://twitter.com/mattifestation/status/776574940128485376 | ||||
|   - Link: https://twitter.com/KyleHanslovan/status/905189665120149506 | ||||
|   - Link: https://windows10dll.nirsoft.net/shell32_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Adam (Control_RunDLL) | ||||
|     Handle: '@hexacorn' | ||||
|   - Person: Pierre-Alexandre Braeken (ShellExec_RunDLL) | ||||
|   | ||||
| @@ -15,7 +15,7 @@ Commands: | ||||
|   - Command: rundll32 syssetup.dll,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\something.inf | ||||
|     Description: Launch an executable file via the SetupInfObjectInstallAction function and .inf file section directive. | ||||
|     UseCase: Load an executable payload. | ||||
|     Category: Execution | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1085 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1085 | ||||
| @@ -34,7 +34,7 @@ Resources: | ||||
|   - Link: https://twitter.com/harr0ey/status/975350238184697857 | ||||
|   - Link: https://twitter.com/bohops/status/975549525938135040 | ||||
|   - Link: https://windows10dll.nirsoft.net/syssetup_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Pierre-Alexandre Braeken (Execute) | ||||
|     Handle: '@pabraeken' | ||||
|   - Person: Matt harr0ey (Execute) | ||||
|   | ||||
| @@ -66,7 +66,7 @@ Resources: | ||||
|   - Link: https://twitter.com/yeyint_mth/status/997355558070927360 | ||||
|   - Link: https://twitter.com/Hexacorn/status/974063407321223168 | ||||
|   - Link: https://windows10dll.nirsoft.net/url_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Adam (OpenURL) | ||||
|     Handle: '@hexacorn' | ||||
|   - Person: Jimmy (OpenURL) | ||||
|   | ||||
| @@ -31,7 +31,7 @@ Resources: | ||||
|   - Link: https://twitter.com/moriarty_meng/status/977848311603380224 | ||||
|   - Link: https://twitter.com/bohops/status/997896811904929792 | ||||
|   - Link: https://windows10dll.nirsoft.net/zipfldr_dll.html | ||||
| Acknowledgment: | ||||
| Acknowledgement: | ||||
|   - Person: Moriarty (Execution) | ||||
|     Handle: '@moriarty_meng' | ||||
|   - Person: r0lan (Obfuscation) | ||||
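Review bot: the credit on the context line `Person: Moriarty (Execution)` keeps the old wording, while this commit changes the category value to `Execute` in the other files and the syssetup.dll credits already read `(Execute)`. Update the parenthesised label here so the credits use the same term as the Category field.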
|   | ||||