Commit Graph

307 Commits

Author SHA1 Message Date
Oddvar Moe
2406d99f33 Rename pnputil.yml to Pnputil.yml
Casing
2021-01-21 22:49:19 +01:00
Oddvar Moe
64914b641c Adjusted error on pnputil yml file 2021-01-21 22:48:05 +01:00
Oddvar Moe
5b9c4f63dc Merge pull request #118 from LuxNoBulIshit/master
Pnputil.exe
2021-01-21 22:42:40 +01:00
Oddvar Moe
394d3c66f9 Merge pull request #112 from zeroSteiner/patch-1
Update the affected operating systems for SyncAppvPublishingServer
2021-01-21 22:35:50 +01:00
Oddvar Moe
e9e458d6b7 Merge pull request #111 from michalani/patch-1
Added missing path for winword.exe
2021-01-21 22:32:24 +01:00
Oddvar Moe
97176a0a07 Merge pull request #110 from whickey-r7/patch-2
Create AppInstaller.yml
2021-01-21 22:29:35 +01:00
Oddvar Moe
6774d228a5 Merge pull request #109 from unexpectedBy/patch-2
Create DataSvcUtil.yml
2021-01-21 22:24:02 +01:00
Oddvar Moe
1bf91d246a Merge pull request #107 from nasbench/adding-dllhost-lolbin
Create Dllhost.yml
2021-01-21 22:20:03 +01:00
Oddvar Moe
7014e1a434 Merge pull request #106 from jesgal/jesgal-patch-whatsapp
Jesgal patch whatsapp
2021-01-21 22:17:14 +01:00
Oddvar Moe
adfb75114a Merge pull request #105 from jesgal/jesgal-persistence-update
Jesgal persistence update
2021-01-21 22:14:27 +01:00
LuxNoBu!!shit
f59da6598c Delete pnputil.exe 2020-12-25 12:22:28 -08:00
LuxNoBu!!shit
0d819439c5 Create pnputil.exe 2020-12-25 12:14:15 -08:00
LuxNoBu!!shit
21f414c479 Create pnputil.exe 2020-12-25 12:05:16 -08:00
Spencer McIntyre
deb249042b Update the affected operating systems for SyncAppvPublishingServer 2020-12-08 15:32:35 -05:00
michalani
36b28ddd98 Update Winword.yml 2020-12-03 01:03:08 +00:00
whickey-r7
b381d04faf Create AppInstaller.yml
New lolbin for downloading files in Windows 10.
2020-12-02 11:35:49 -05:00
unload
bfe248b07e Create DataSvcUtil.yml
Another data exfil way with lolbins
2020-12-01 22:57:09 -03:00
Nasreddine Bencherchali
15d5ff302d Create Dllhost.yml 2020-11-07 14:22:24 +01:00
jesgal
483482e3a3 Create Upload.yml
File describing the execution of LolBin Update.exe deployed with the installation of Whatsapp on Windows operating systems.
2020-11-01 20:09:41 +01:00
jesgal
4c67be51c1 Delete Update.yml 2020-11-01 20:05:25 +01:00
jesgal
748cfb4223 Merge pull request #2 from jesgal/jesgal-persistence-update
Update Update.yml
2020-11-01 19:53:13 +01:00
jesgal
b0e4b625a4 Merge pull request #3 from jesgal/jesgal-patch-2
Create Update.yml
2020-11-01 19:52:20 +01:00
jesgal
31c7d34a00 Create Update.yml
This file describes LoLbin Update.exe deployed in the Whatsapp installation for Windows Operating Systems.
2020-11-01 19:50:59 +01:00
jesgal
9642f81be7 Update Update.yml
I update this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the argument "--createShortcut" and "--removeShortcut".
2020-10-29 09:12:28 +01:00
jesgal
6e5bd0e9e1 Merge pull request #1 from LOLBAS-Project/master
Updating repository
2020-10-29 09:01:46 +01:00
Conor Richard
d15172284a Merge pull request #101 from leo1-1/master
added command to certutil
2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70 Update Certutil.yml 2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b Delete certutil.yml 2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479 Update Certutil 2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e changed path 2020-10-26 08:22:58 +02:00
leo1-1
9b60a844a2 Rename certutil.yml.txt to certutil.yml
changed
2020-10-25 09:03:39 +02:00
Conor Richard
9a83179ddd Merge pull request #99 from dtmsecurity/master
Create Wuauclt.yml
2020-10-24 22:29:34 -04:00
Conor Richard
edbd01860c Merge pull request #97 from MartinSohn/master
Create Coregen.yml - Thank you for the contribution!
2020-10-24 21:49:09 -04:00
Conor Richard
04c0e7ee38 Update Explorer.yml
Fixing alignment in Acknowledgement section
2020-10-22 22:00:05 -04:00
xenoscr
de169664d6 Fixing missing quotes 2020-10-22 21:51:57 -04:00
Conor Richard
b61cd18072 Merge pull request #94 from checkymander/master
Create DefaultPack.yml
2020-10-22 21:19:50 -04:00
Conor Richard
4f19dbba19 Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass
Update MpCmdRun.yml
2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3 Merge pull request #92 from whickey-r7/patch-1
Update Xwizard.yml
2020-10-22 20:57:55 -04:00
Conor Richard
93e6e583f7 Merge pull request #88 from unexpectedBy/patch-1
Create ConfigSecurityPolicy.yml
2020-10-22 20:42:02 -04:00
Conor Richard
9a6309d8de Update ConfigSecurityPolicy.yml
Added link to Tweet from author containing an example usage.
2020-10-22 20:38:50 -04:00
leo1-1
ab6d42ddcf added command to certutil 2020-10-14 21:10:19 +03:00
@dtmsecurity
651e156583 Create Wuauclt.yml 2020-10-12 19:24:45 +01:00
Martin
47c03c97b8 Typo 2020-10-10 19:54:50 +00:00
Martin
22d9bbe92a Initial commit of Coregen.yml 2020-10-09 17:10:49 +02:00
checkymander
a45d4ca25c Create DefaultPack.yml
Added DefaultPack.EXE LOLBin
2020-10-01 22:37:00 -04:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b Update Xwizard.yml
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
2020-09-16 16:34:47 +00:00
unload
6a5af9a71c Create ConfigSecurityPolicy.yml 2020-09-04 07:54:44 -03:00
Conor Richard
aa34fd8677 Merge pull request #87 from richrumble/patch-1
Update MpCmdRun.yml Added new IOC and alternate / Vs. - details. Thank you @richrumble
2020-09-03 12:23:22 -07:00
Rich Rumble
1b00b374b3 Updated per suggestion
Thanks!
2020-09-03 11:46:25 -04:00