public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity
260 Commits 4 Branches 0 Tags
13026a481be90843f09592a210aa63ab8f56d443
Commit Graph

116 Commits

Author SHA1 Message Date
Cochin, Cedric
13026a481b Update MpCmdRun.yml 
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
 2020-09-24 14:09:58 -07:00
Rich Rumble
1b00b374b3 Updated per suggestion 
Thanks!
 2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755 Update MpCmdRun.yml 
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
 2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3 Added detection details on mpcmdrun 2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf Updated links on mpcmdrun 2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085 Added MpCmdRun.exe 2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f Fixed the OS versions on Diantz 2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0 Update and rename pktmon.yml to Pktmon.yml 2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160 Merge pull request #82 from binar-x79/patch-1 
Create pktmon.yml
 2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb Added missing ticks in Diantz 2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808 Update and rename diantz.yml to Diantz.yml 2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f Merge pull request #80 from Tamirye/master 
Create diantz.yml
 2020-08-24 09:45:12 +02:00
Oddvar Moe
57346d17f4 Changed capitalization inside file 2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd Rename vbc.yml to Vbc.yml 2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd Rename ilasm.yml to Ilasm.yml 2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5 Rename certreq.yml to Certreq.yml 2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075 Merge pull request #75 from dtmsecurity/master 
Create certreq.yml
 2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb Adjusted missing ticks in Acknowledgement 2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85 Merge pull request #66 from GoSecure/gosecure/ttdinject 
Added proxy execution for ttdinject.exe
 2020-08-24 09:25:29 +02:00
Oddvar Moe
2dabdb0840 adjusted extrac32 yml error 2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946 Merge pull request #79 from LuxNoBulIshit/master 
add new usecase for Extrace32.exe
 2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a Update Extrac32.yml 2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b Create pktmon.yml 2020-08-12 22:04:03 -07:00
Tamirye
4db780e0f0 Create diantz.yml 
use daintz.exe to download and compress a binary file from a remote server\internet or use it to store file in Alternate data stream.
 2020-08-08 15:09:53 +03:00
LuxNoBu!!shit
be19ca53ed Update Extrac32.yml 2020-08-08 15:02:05 +03:00
LuxNoBu!!shit
2450b9fc0a Update Extrac32.yml 2020-08-08 15:01:46 +03:00
LuxNoBu!!shit
3a3d28e496 Update Extrac32.yml 
another use case for extrace32.
 2020-08-08 14:59:15 +03:00
Chris "Lopi" Spehn
689c3b1fea Update Regsvcs.yml 
Fixed inaccurate permissions
 2020-08-04 07:40:48 -06:00
@dtmsecurity
aa88bf8144 Create certreq.yml 2020-07-07 21:09:06 +01:00
Maxime Nadeau
640e7f2d65 Added a Windows 10 2004 version 2020-07-03 16:59:53 -04:00
bohops
343a0e2478 Added plain explorer execution 2020-07-03 15:03:07 -04:00
bohops
a976eaefe1 Updated Mitre Reference - T1096 2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd Changed privilege level for registration 2020-07-03 10:24:34 -04:00
Oddvar Moe
cb3a45008e Added regini.exe writing to registry using ADS 2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7 Adjusted some missing quotes and stuff on Dekstopimgdownldr 2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67 Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml 
Changed capitalization
 2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41 Merge pull request #74 from Kristal-g/master 
Added desktopimgdownldr.exe
 2020-07-03 15:03:10 +02:00
Oddvar Moe
dac58c312f Fixed some missing quotes and stuff on psr.exe 2020-07-03 14:59:50 +02:00
Oddvar Moe
17db28c643 Merge pull request #73 from Lemonada/master 
Add psr.exe
 2020-07-03 14:58:26 +02:00
Oddvar Moe
416680941d Rename explorer.yml to Explorer.yml 
Changed capitalization
 2020-07-03 14:52:29 +02:00
Oddvar Moe
8bb57e1ac5 Merge pull request #72 from JPMinty/master 
Create explorer.yml
 2020-07-03 14:50:07 +02:00
Oddvar Moe
8ce4c1497d Merge pull request #64 from noraj/patch-1 
Download for ftp.exe
 2020-07-03 14:08:32 +02:00
Oddvar Moe
794d3c04cc Added Acknowledgement to rundll32 2020-07-03 14:03:51 +02:00
Oddvar Moe
604eb45fb4 Merge pull request #61 from MartinIngesen/master 
Using rundll32 to execute dll from a SMB share
 2020-07-03 14:01:12 +02:00
Kristal-g
fd01a9151a Added desktopimgdownldr.exe 2020-07-02 20:46:05 +03:00
Lemonada
2a5a4e391d Create Psr.yml 
take screenshots of user sessions
 2020-06-27 14:51:07 +03:00
JPMinty
663724523f Update explorer.yml 2020-06-24 21:15:40 +09:30
JPMinty
dec26ada21 Create explorer.yml 2020-06-24 21:09:59 +09:30
Maxime Nadeau
b95fb7ed27 Added the IOCs 2020-05-12 16:40:49 -04:00
Maxime Nadeau
b8b265b397 Added ttdinject 2020-05-12 16:31:47 -04:00