Commit Graph

237 Commits

Author SHA1 Message Date
Oddvar Moe
1bf91d246a
Merge pull request #107 from nasbench/adding-dllhost-lolbin
Create Dllhost.yml
2021-01-21 22:20:03 +01:00
Nasreddine Bencherchali
15d5ff302d
Create Dllhost.yml 2020-11-07 14:22:24 +01:00
jesgal
483482e3a3
Create Upload.yml
File describing the execution of LolBin Update.exe deployed with the installation of Whatsapp on Windows operating systems.
2020-11-01 20:09:41 +01:00
jesgal
4c67be51c1
Delete Update.yml 2020-11-01 20:05:25 +01:00
jesgal
748cfb4223
Merge pull request #2 from jesgal/jesgal-persistence-update
Update Update.yml
2020-11-01 19:53:13 +01:00
jesgal
31c7d34a00
Create Update.yml
This file describes LoLbin Update.exe deployed in the Whatsapp installation for Windows Operating Systems.
2020-11-01 19:50:59 +01:00
jesgal
9642f81be7
Update Update.yml
I update this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the argument "--createShortcut" and "--removeShortcut".
2020-10-29 09:12:28 +01:00
Conor Richard
d15172284a
Merge pull request #101 from leo1-1/master
added command to certutil
2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70
Update Certutil.yml 2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b
Delete certutil.yml 2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479
Update Certutil 2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e
changed path 2020-10-26 08:22:58 +02:00
Conor Richard
9a83179ddd
Merge pull request #99 from dtmsecurity/master
Create Wuauclt.yml
2020-10-24 22:29:34 -04:00
Conor Richard
edbd01860c
Merge pull request #97 from MartinSohn/master
Create Coregen.yml - Thank you for the contribution!
2020-10-24 21:49:09 -04:00
Conor Richard
04c0e7ee38
Update Explorer.yml
Fixing alignment in Acknowledgement section
2020-10-22 22:00:05 -04:00
xenoscr
de169664d6 Finxing missing quotes 2020-10-22 21:51:57 -04:00
Conor Richard
b61cd18072
Merge pull request #94 from checkymander/master
Create DefaultPack.yml
2020-10-22 21:19:50 -04:00
Conor Richard
4f19dbba19
Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass
Update MpCmdRun.yml
2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3
Merge pull request #92 from whickey-r7/patch-1
Update Xwizard.yml
2020-10-22 20:57:55 -04:00
Conor Richard
9a6309d8de
Update ConfigSecurityPolicy.yml
Added link to Tweet from author containing an example usage.
2020-10-22 20:38:50 -04:00
@dtmsecurity
651e156583
Create Wuauclt.yml 2020-10-12 19:24:45 +01:00
Martin
47c03c97b8
Typo 2020-10-10 19:54:50 +00:00
Martin
22d9bbe92a
Initial commit of Coregen.yml 2020-10-09 17:10:49 +02:00
checkymander
a45d4ca25c
Create DefaultPack.yml
Added DefaultPack.EXE LOLBin
2020-10-01 22:37:00 -04:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b
Update Xwizard.yml
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
2020-09-16 16:34:47 +00:00
unload
6a5af9a71c
Create ConfigSecurityPolicy.yml 2020-09-04 07:54:44 -03:00
Rich Rumble
1b00b374b3
Updated per suggestion
Thanks!
2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3 Added detection details on mpcmdrun 2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf Updated links on mpcmdrun 2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085 Added MpCmdRun.exe 2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f Fixed the OS versions on Diantz 2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0
Update and rename pktmon.yml to Pktmon.yml 2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160
Merge pull request #82 from binar-x79/patch-1
Create pktmon.yml
2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb Added missing ticks in Diantz 2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808
Update and rename diantz.yml to Diantz.yml 2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f
Merge pull request #80 from Tamirye/master
Create diantz.yml
2020-08-24 09:45:12 +02:00
Oddvar Moe
c5c6820c56
Rename agentexecutor.yml to Agentexecutor.yml 2020-08-24 09:42:07 +02:00
Oddvar Moe
a7da0deddd
Merge pull request #77 from leftp/master
Added method for AgentExecutor
2020-08-24 09:41:22 +02:00
Oddvar Moe
57346d17f4 Changed capitalization inside file 2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd
Rename vbc.yml to Vbc.yml 2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd
Rename ilasm.yml to Ilasm.yml 2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5
Rename certreq.yml to Certreq.yml 2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075
Merge pull request #75 from dtmsecurity/master
Create certreq.yml
2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb Adjusted missing ticks in Acknowledgement 2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85
Merge pull request #66 from GoSecure/gosecure/ttdinject
Added proxy execution for ttdinject.exe
2020-08-24 09:25:29 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml 2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml 2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml 2020-08-15 00:26:35 +02:00