M-khalifa1
41dc3d9c2f
Update Auditpol.yml
2024-02-24 17:51:04 +03:00
M-khalifa1
4f1e368b90
Update Auditpol.yml
2024-02-24 17:40:07 +03:00
M-khalifa1
bbb3ec045d
Create Auditpol.yml
2024-02-24 17:24:45 +03:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 ( #345 )
2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line ( #349 )
...
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml ( #342 )
...
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames ( #340 )
...
* Adding GitHub Actions workflow test for duplicate filenames
* Adding generic error message
* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml ( #339 )
2023-11-06 15:01:59 +01:00
pfiatde
ee78111254
Update Msiexec.yml ( #333 )
...
* Update Msiexec.yml
Added transform file execution
* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension ( #338 )
2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link ( #303 )
...
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe ( #322 )
...
* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project for c++ preferably (because it builds into a single DLL easily) and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd
DevTunnels - Other MS Binary for Data Exfiltration ( #327 )
...
* Add files via upload
* updated devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Updated Privileges
2023-10-15 00:05:54 +02:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary ( #335 )
...
* added addinutil lolbas binary
* updated format for lint
* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn ( #199 )
...
Everything looks good, confirmed working on Windows 10 & 11, merging changes:
* Added 'Execute' lolbas for iediagcmd.exe
* Added missing fields from the template
* Update Iediagcmd.yml
Made corrections
* Update Iediagcmd.yml
Removing trailing spaces
* Update Iediagcmd.yml
removing empty fields
* Minor changes
* Update Iediagcmd.yml
Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
* Adding Windows 11 support
---------
Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
Wietze
b3951952b0
Fixing command attribute on Vshadow
2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c
Renaming vshadow file
2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3
Merge remote-tracking branch 'origin/master' into fix/incorrect_date
2023-10-03 17:37:28 +01:00
Wietze
e90d795e62
Fixing incorrect category on testwindowremoteagent entry
2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49
Fixing incorrect date on testwindowremoteagent entry
2023-10-03 17:22:22 +01:00
Wietze
96aad19b88
Fixing trailing spaces
2023-10-03 17:19:52 +01:00
Wietze
52adf7084d
Fixing incorrect extension of testwindowremoteagent entry
2023-10-03 17:12:12 +01:00
AyberkHalac
f55d9d1131
Adding vshadow.exe ( #325 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-03 16:53:08 +01:00
securepeacock
fd9fae8321
Added Sigma to Teams.exe ( #329 )
2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989
Merge pull request #320 from mertdas/master
...
Create msedge_proxy.yml
2023-09-05 13:26:30 -04:00
Jose Enrique Hernandez
d29b112d9e
Merge pull request #323 from onatuzunyayla/vstest
...
Create testwindowremoteagent.yaml
2023-09-05 11:47:31 -04:00
Mert Daş
e75e99f1cf
Update msedge_proxy.yml
2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd
Update msedge_proxy.yml
2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880
Update msedge_proxy.yml
2023-09-05 18:41:36 +03:00
Mert Daş
fee20a0813
Update msedge_proxy.yml
2023-09-05 18:39:16 +03:00
Mert Daş
7da6f3216d
Update msedge_proxy.yml
2023-09-05 18:37:14 +03:00
Wietze
b137406d8d
Update testwindowremoteagent.yaml
2023-09-04 10:36:28 +01:00
Wietze
820e077aa0
Adding missing end-of-file newline
2023-09-04 10:34:34 +01:00
Mert Daş
e2c58fcf31
Update msedge_proxy.yml
2023-09-03 22:28:00 +03:00
Mert Daş
d5f153b84b
Update msedge_proxy.yml
2023-09-03 22:23:40 +03:00
Mert Daş
f8743a4109
Update msedge_proxy.yml
2023-09-03 22:17:14 +03:00
Mert Daş
994aa792f0
Update msedge_proxy.yml
2023-09-03 22:11:01 +03:00
Jose Enrique Hernandez
db7fef6ec0
Merge pull request #292 from Ekitji/master
...
dsdbutil.exe
2023-09-03 14:57:48 -04:00
Jose Enrique Hernandez
add2198f43
Merge pull request #191 from lltltk/master
...
Create Teams.exe
2023-09-03 14:53:48 -04:00
Mert Daş
247511bca8
Update msedge_proxy.yml
2023-09-03 21:51:32 +03:00
josehelps
26cc085243
removing blank line
2023-09-03 14:49:16 -04:00
Mert Daş
a0874f2bb7
Update msedge_proxy.yml
2023-09-03 21:48:05 +03:00
josehelps
e935a7bf05
still trying to correct CI fails
2023-09-03 14:47:48 -04:00
Mert Daş
53f8fbe19b
Update msedge_proxy.yml
2023-09-03 21:44:41 +03:00
josehelps
a678306935
bug: CI failing fixing
2023-09-03 14:43:08 -04:00
frack113
50c481795b
Add SigmaHQ ref
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-09-03 15:06:34 +02:00
Mert Daş
9d79fab230
Update msedge_proxy.yml
2023-08-25 21:24:58 +03:00
Mert Daş
0f3b483ae1
Update msedge_proxy.yml
2023-08-25 21:23:41 +03:00
onatuzunyayla
c65c9545f5
Create testwindowremoteagent.yaml
...
This one is pretty straightforward and related to the vstest, so I pushed the commit for this pull request. TestWindowRemoteAgent.exe is a signed DLL that can be utilized as a gadget for data exfiltration since it tries to connect to any host.
2023-08-25 15:49:14 +03:00
Ekitji
59f0c133f8
Add files via upload
2023-08-23 02:50:03 -04:00