Minor adjustments to be yaml compliant

Oddvar Moe
2018-09-24 23:18:00 +02:00
parent 37cc1ee83e
commit f8fec9849b
12 changed files with 60 additions and 55 deletions


@@ -12,7 +12,7 @@ Commands:
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows 10
- Command: bash.exe -c calc.exe
- Command: bash.exe -c calc.exe
Description: Executes calc.exe from bash.exe
Usecase: Performs execution of specified file, can be used to bypass Application Whitelisting.
Category: AWL Bypass
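Review bot: The removed and added "- Command: bash.exe -c calc.exe" lines read identically here, so the fix is whitespace only (indentation or a trailing space) and cannot be confirmed by eye. Since the commit touches 12 files for the same reason, consider adding a YAML lint or parse step to the repository checks so that each entry is loaded by a real parser and this class of error is caught on submission rather than by manual cleanup.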
@@ -24,9 +24,9 @@ Full Path:
- Path: C:\Windows\System32\bash.exe
- Path: C:\Windows\SysWOW64\bash.exe
Code Sample:
- Code:
- Code:
Detection:
- IOC: Child process from bash.exe
- IOC: Child process from bash.exe
Resources:
- Link: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Acknowledgement:
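Review bot: The "- Code:" item under "Code Sample:" still has no value after this change, so a YAML parser loads it as a list entry whose Code key is null rather than a string. If consumers of these files expect text there, use an explicit empty string (Code: '') or drop the item when there is no sample. The "- IOC: Child process from bash.exe" pair is again a whitespace-only difference, which a lint check would verify more reliably than review.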