5b4d6d604c  Grzegorz Tworek  2023-11-06 15:01:59 +01:00
    Create Fsutil.yml (#339)

abd4e989f4  Oddvar Moe  2023-11-06 14:54:56 +01:00
    Update README.md

    Included statement about NetNTLM coercing

ee78111254  pfiatde  2023-11-06 13:47:04 +01:00
    Update Msiexec.yml (#333)

    * Update Msiexec.yml
      Added transform file execution
    * Update Msiexec.yml

760151b598  Wietze  2023-10-19 17:17:15 +01:00
    Fixing yml files with .yaml extension (#338)

4f83231697  frack113  2023-10-18 11:30:34 -04:00
    Update old sigma link (#303)

    * Update SigmaHQ ref
      Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHQ ref
      Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHq ref
      Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHq ref
      Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    ---------
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

7aba6fb550  Onat Uzunyayla  2023-10-18 11:28:04 -04:00
    Create vstest.console.exe (#322)

    * vstest.console.exe awl bypass
    * Create testwindowremoteagent.yaml
      Data Exfiltration with TestWindowRemoteAgent.exe is added
    * Create vstest.yaml
      In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.
    * Delete testwindowremoteagent.yaml
    * Update vstest.yaml
      A new description added

b13eb6f4fd  Kamran Saifullah - Frog Man  2023-10-15 00:05:54 +02:00
    DevTunnels - Other MS Binary for Data Exfiltration (#327)

    * Add files via upload
    * updated devtunnels.yml
    * Update devtunnels.yml
    * Update devtunnels.yml
    * Update devtunnels.yml
    * Updated Privileges

fa3b5ed33c  SILJAEUROPA  2023-10-09 09:05:57 +02:00
    added addinutil lolbas binary (#335)

    * added addinutil lolbas binary
    * updated format for lint
    * EOF LF

d6e4fb07d5  Manas Bellani  2023-10-04 09:47:18 -04:00
    Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199)

    Everything looks good, confirmed working on Windows 10 & 11, merging changes:
    * Added 'Execute' lolbas for iediagcmd.exe
    * Added missing fields from the template
    * Update Iediagcmd.yml
      Made corrections
    * Update Iediagcmd.yml
      Removing trailing spaces
    * Update Iediagcmd.yml
      removing empty fields
    * Minor changes
    * Update Iediagcmd.yml
      Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
    * Adding Windows 11 support
    ---------
    Co-authored-by: Conor Richard <xenos@xenos-1.net>
    Co-authored-by: Wietze <wietze@users.noreply.github.com>

90f666e7a0  Conor Richard  2023-10-03 15:03:23 -04:00
    Merge pull request #330 from LOLBAS-Project/fix/incorrect_date

    Enforcing YYYY-MM-DD format for dates (fixes #328)

b3951952b0  Wietze  2023-10-03 17:41:18 +01:00
    Fixing command attribute on Vshadow

366cdbd57c  Wietze  2023-10-03 17:38:41 +01:00
    Renaming vshadow file

746d49bbb3  Wietze  2023-10-03 17:37:28 +01:00
    Merge remote-tracking branch 'origin/master' into fix/incorrect_date

e90d795e62  Wietze  2023-10-03 17:24:36 +01:00
    Fixing incorrect category on testwindowremoteagent entry

135fc5ba49  Wietze  2023-10-03 17:22:22 +01:00
    Fixing incorrect date on testwindowremoteagent entry

93aeeacb47  Wietze  2023-10-03 17:21:42 +01:00
    Ensuring GitHub Actions isn't run twice on PR

96aad19b88  Wietze  2023-10-03 17:19:52 +01:00
    Fixing trailing spaces

3ec9655b61  Wietze  2023-10-03 17:16:05 +01:00
    Updating search path

52adf7084d  Wietze  2023-10-03 17:12:12 +01:00
    Fixing incorrect extension of testwindowremoteagent entry

be18d9b26d  Wietze  2023-10-03 17:10:21 +01:00
    Add file extension validation

03711770b7  Wietze  2023-10-03 16:58:52 +01:00
    Enforcing YYYY-MM-DD format for dates

f55d9d1131  AyberkHalac  2023-10-03 16:53:08 +01:00
    Adding vshadow.exe (#325)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>

fd9fae8321  securepeacock  2023-10-03 12:04:39 +01:00
    Added Sigma to Teams.exe (#329)

a493c20989  Jose Enrique Hernandez  2023-09-05 13:26:30 -04:00
    Merge pull request #320 from mertdas/master

    Create msedge_proxy.yml

d29b112d9e  Jose Enrique Hernandez  2023-09-05 11:47:31 -04:00
    Merge pull request #323 from onatuzunyayla/vstest

    Create testwindowremoteagent.yaml

e75e99f1cf  Mert Daş  2023-09-05 18:47:05 +03:00
    Update msedge_proxy.yml

e585183dcd  Mert Daş  2023-09-05 18:45:00 +03:00
    Update msedge_proxy.yml

69976b4880  Mert Daş  2023-09-05 18:41:36 +03:00
    Update msedge_proxy.yml

fee20a0813  Mert Daş  2023-09-05 18:39:16 +03:00
    Update msedge_proxy.yml

7da6f3216d  Mert Daş  2023-09-05 18:37:14 +03:00
    Update msedge_proxy.yml

b137406d8d  Wietze  2023-09-04 10:36:28 +01:00
    Update testwindowremoteagent.yaml

820e077aa0  Wietze  2023-09-04 10:34:34 +01:00
    Adding missing end-of-file newline

e2c58fcf31  Mert Daş  2023-09-03 22:28:00 +03:00
    Update msedge_proxy.yml

d5f153b84b  Mert Daş  2023-09-03 22:23:40 +03:00
    Update msedge_proxy.yml

f8743a4109  Mert Daş  2023-09-03 22:17:14 +03:00
    Update msedge_proxy.yml

994aa792f0  Mert Daş  2023-09-03 22:11:01 +03:00
    Update msedge_proxy.yml

db7fef6ec0  Jose Enrique Hernandez  2023-09-03 14:57:48 -04:00
    Merge pull request #292 from Ekitji/master

    dsdbutil.exe

add2198f43  Jose Enrique Hernandez  2023-09-03 14:53:48 -04:00
    Merge pull request #191 from lltltk/master

    Create Teams.exe

247511bca8  Mert Daş  2023-09-03 21:51:32 +03:00
    Update msedge_proxy.yml

26cc085243  josehelps  2023-09-03 14:49:16 -04:00
    removing blank line

a0874f2bb7  Mert Daş  2023-09-03 21:48:05 +03:00
    Update msedge_proxy.yml

e935a7bf05  josehelps  2023-09-03 14:47:48 -04:00
    still trying to correct CI fails

53f8fbe19b  Mert Daş  2023-09-03 21:44:41 +03:00
    Update msedge_proxy.yml

a678306935  josehelps  2023-09-03 14:43:08 -04:00
    bug: CI failing fixing

dadd9db018  Jose Enrique Hernandez  2023-09-03 13:37:49 -04:00
    Merge pull request #324 from frack113/provlaunch

    Add SigmaHQ Detection

50c481795b  frack113  2023-09-03 15:06:34 +02:00
    Add SigmaHQ ref

    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

9d79fab230  Mert Daş  2023-08-25 21:24:58 +03:00
    Update msedge_proxy.yml

0f3b483ae1  Mert Daş  2023-08-25 21:23:41 +03:00
    Update msedge_proxy.yml

c65c9545f5  onatuzunyayla  2023-08-25 15:49:14 +03:00
    Create testwindowremoteagent.yaml

    This one is pretty straightforward and related to the vstest so pushed the commit for this pull request. TestWindowRemoteAgent.exe is a signed DLL that can be utilized to be a gadget for data exfiltration since it tries connection to any host.

59f0c133f8  Ekitji  2023-08-23 02:50:03 -04:00
    Add files via upload