Cochin, Cedric
13026a481b
Update MpCmdRun.yml
...
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
2020-09-24 14:09:58 -07:00
Rich Rumble
1b00b374b3
Updated per suggestion
...
Thanks!
2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml
...
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3
Added detection details on mpcmdrun
2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf
Updated links on mpcmdrun
2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085
Added MpCmdRun.exe
2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f
Fixed the OS versions on Diantz
2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0
Update and rename pktmon.yml to Pktmon.yml
2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160
Merge pull request #82 from binar-x79/patch-1
...
Create pktmon.yml
2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb
Added missing ticks in Diantz
2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808
Update and rename diantz.yml to Diantz.yml
2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f
Merge pull request #80 from Tamirye/master
...
Create diantz.yml
2020-08-24 09:45:12 +02:00
Oddvar Moe
c5c6820c56
Rename agentexecutor.yml to Agentexecutor.yml
2020-08-24 09:42:07 +02:00
Oddvar Moe
a7da0deddd
Merge pull request #77 from leftp/master
...
Added method for AgentExecutor
2020-08-24 09:41:22 +02:00
Oddvar Moe
57346d17f4
Changed capitalization inside file
2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd
Rename vbc.yml to Vbc.yml
2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd
Rename ilasm.yml to Ilasm.yml
2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5
Rename certreq.yml to Certreq.yml
2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075
Merge pull request #75 from dtmsecurity/master
...
Create certreq.yml
2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb
Adjusted missing ticks in Acknowledgement
2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85
Merge pull request #66 from GoSecure/gosecure/ttdinject
...
Added proxy execution for ttdinject.exe
2020-08-24 09:25:29 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml
2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml
2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml
2020-08-15 00:26:35 +02:00
Oddvar Moe
4c44d039a1
Merge pull request #81 from jreegun/patch-6
...
Update update.yml
2020-08-15 00:24:45 +02:00
Oddvar Moe
b592be6027
Update Manage-bde.yml
...
Remove extra -
2020-08-15 00:17:27 +02:00
Oddvar Moe
2dabdb0840
adjusted extrac32 yml error
2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946
Merge pull request #79 from LuxNoBulIshit/master
...
add new usecase for Extrace32.exe
2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a
Update Extrac32.yml
2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b
Create pktmon.yml
2020-08-12 22:04:03 -07:00
Reegun J
ed1e113460
Update update.yml
...
Hi, I have updated with new findings - Reegun
2020-08-10 11:31:48 +08:00
Tamirye
4db780e0f0
Create diantz.yml
...
use daintz.exe to download and compress a binary file from a remote server\internet or use it to store file in Alternate data stream.
2020-08-08 15:09:53 +03:00
LuxNoBu!!shit
be19ca53ed
Update Extrac32.yml
2020-08-08 15:02:05 +03:00
LuxNoBu!!shit
2450b9fc0a
Update Extrac32.yml
2020-08-08 15:01:46 +03:00
LuxNoBu!!shit
3a3d28e496
Update Extrac32.yml
...
another use case for extrace32.
2020-08-08 14:59:15 +03:00
Chris "Lopi" Spehn
689c3b1fea
Update Regsvcs.yml
...
Fixed inaccurate permissions
2020-08-04 07:40:48 -06:00
Eleftherios Panos
3710c1c972
Added method for AgentExecutor
2020-07-23 13:58:30 +03:00
@dtmsecurity
aa88bf8144
Create certreq.yml
2020-07-07 21:09:06 +01:00
Maxime Nadeau
640e7f2d65
Added a Windows 10 2004 version
2020-07-03 16:59:53 -04:00
bohops
343a0e2478
Added plain explorer execution
2020-07-03 15:03:07 -04:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique
2020-07-03 14:56:06 -04:00
bohops
a976eaefe1
Updated Mitre Reference - T1096
2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd
Changed privilege level for registration
2020-07-03 10:24:34 -04:00
bohops
e316cb4842
Delete Slmgr - COM Hijacks are too broad
2020-07-03 10:15:06 -04:00
bohops
12cdb47285
Removed COM Hijack
2020-07-03 10:07:18 -04:00
bohops
17a34e27f6
Added Twitter reference for use "in-the-wild"
2020-07-03 10:03:42 -04:00
Oddvar Moe
cb3a45008e
Added regini.exe writing to registry using ADS
2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7
Adjusted some missing quotes and stuff on Dekstopimgdownldr
2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67
Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml
...
Changed capitalization
2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41
Merge pull request #74 from Kristal-g/master
...
Added desktopimgdownldr.exe
2020-07-03 15:03:10 +02:00