Commit Graph

791 Commits

Author SHA1 Message Date
Tonmoy Jitu
0986609c4b
Added new technique: wevtutil.exe 2024-11-25 20:01:51 +11:00
SecurityAura
baaa5bbc73
Update Runscripthelper.yml (#407) 2024-11-10 17:31:41 +00:00
Wietze
f69b8abae1
Removing empty resource sections 2024-10-02 01:55:22 +01:00
Wietze
22568aff10
Updating workflow order, fixes #254 (#404) 2024-10-02 01:47:36 +01:00
Wietze
7e171658dd
Remove broken imgur link 2024-10-02 01:20:22 +01:00
Wietze
55d84345ac
Adding <version> placeholder to Vshadow 2024-10-01 23:45:18 +01:00
Wietze
39a7120d40
Adding Windows file path validation for values of File_Path (#403) 2024-10-01 23:14:19 +01:00
Avihay Eldad
d8402e6651
Add VSLaunchBrowser.yml (#367) 2024-10-01 22:37:11 +01:00
Eron Clarke
50e17c089a
Add ComputerDefaults.yml (#400)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-25 23:47:41 +01:00
Avihay Eldad
9b1a98794b
Update Wmic.yml (#355) 2024-09-15 17:31:17 +01:00
Ekitji
9ee5548623
Updates in Stordiag.exe (#394) 2024-09-10 13:31:38 +01:00
Avihay Eldad
bfa71cc57e
Add DTUtil.yml (#382)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-07 15:16:04 +01:00
p4yl0ad
cfd827fe6d
Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392) 2024-09-07 15:07:46 +01:00
deadjakk
61bff01584
Odbcconf.yml - Corrected incorrect privileges (#396) 2024-09-07 15:01:46 +01:00
unrooted
659a0240e8
Update Winget.yml (#384)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 23:52:52 +01:00
Avihay Eldad
d5d11f47a1
Add Xsd.yml (#366) 2024-08-17 22:18:59 +01:00
TAbdiukov
5b12df2b93
Makecab - LOLBAS command, more information about Windows compatibility (#389)
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415
Adding more operating systems to extrac32.exe (#387)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f
Add Diantz directives/DDF entry to diantz.exe (#390)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:02:55 +01:00
TAbdiukov
e1d0707082
Allow tildes (~) in URLs (#391) 2024-08-17 21:38:18 +01:00
Avihay Eldad
74ffaa534f
Add Ngen.exe (#357)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-07-15 20:59:23 +01:00
Avihay Eldad
da4f6e5407
Update Msdeploy.yml and add copy utility (#354) 2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f
fix parameter typo for squirrel.exe (#383) 2024-07-12 18:49:30 +01:00
unrooted
03b527b105
Update wsl.exe description (#378)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e
Add Visio.exe as a downloader (#356)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-05 23:50:25 +01:00
bohops
622aaeed54
Add Powershell.exe to Honorable Mentions (#363) 2024-06-05 23:17:34 +01:00
Dr. Gerald Yaya
5d80e48159
Correct Winget.yml Spelling (#379)
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
2024-06-03 17:52:55 +01:00
Avihay Eldad
78fa7b550e
Add Winfile.yml (#374)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-23 00:02:56 +01:00
Borja
2185ade1f2
Update Msiexec.yml (#369) 2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f
Update Csc.yml (#376)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f
Update Msiexec.yml (#377)
Fixed spelling
2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6
Applying MITRE ATT&CK v15 changes (#370)
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
frack113
2cc01b0113
Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6
Create wbadmin (#364)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:38:21 +01:00
Avihay Eldad
aea7bd082d
Add Winproj.exe as a downloader (#351)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca
Add MSAccess as a new downloader (#288)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d
Adding tags (closes #9, #318) (#362)
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be
Create Appcert.yml (#361)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 18:56:11 +01:00
Avesta
33b9574d04
Update Tar.yml (#310)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 14:00:57 +01:00
Avihay Eldad
65e05aa4d6
Update Te.yml (#359)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 13:43:00 +01:00
Axel Boesenach
3aa721515b
Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line (#349)
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml (#342)
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames (#340)
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
Oddvar Moe
abd4e989f4
Update README.md
Included statement about NetNTLM coercing
2023-11-06 14:54:56 +01:00
pfiatde
ee78111254
Update Msiexec.yml (#333)
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00