public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-27 23:37:58 +01:00
Code Issues Projects Releases Wiki Activity
753 Commits 4 Branches 0 Tags 11 MiB
41dc3d9c2f
Commit Graph

580 Commits

Author SHA1 Message Date
Wietze
4a8bdf4844
Fix casing on Desk.cpl entry 2022-04-27 11:20:13 +01:00
LuxNoBu!!shit
6ed0fb9326
Create Desk.cpl (#207) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-04-27 11:15:15 +01:00
Wietze
e4261b1f02
Fixing typo 2022-04-26 16:59:14 +01:00
Wietze
5c46dd63f5
Giving Hexacorn the proper credit 2022-04-07 15:50:39 +01:00
Wietze
4df2e43c82
Adding Conhost.exe LOLBAS 2022-04-05 18:46:58 +01:00
Wietze
55a7ea9a81
Fixing wlrmdr entry 2022-02-16 21:02:24 +00:00
Moshe Kaplan
12c85eb8f0
Create wlrmdr.yml (#194) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-02-16 20:41:14 +00:00
akshat pradhan
a7f7ec2cc2
Changing ATT&CK TID of wuauclt.exe entry (#193) 2022-01-23 22:24:59 +00:00
Andrew Kisliakov
e40a6432a0
Merge branch 'LOLBAS-Project:master' into master 2022-01-17 08:16:16 +00:00
Andrew Kisliakov
ada7f7f6c3 Microsoft Teams as a LOLbin 2022-01-17 08:11:47 +00:00
Wietze
085aaa37b1
Adding more missed-out entries 2021-12-15 11:50:18 +00:00
Wietze
52302853c9
Merge branch 'master' into windows_11_sprint 2021-12-14 17:39:36 +00:00
Wietze
e51caad3dd
Adding Windows 11 reference to missed-out executables 2021-12-14 16:57:56 +00:00
Wietze
6793a7d238
Fixing various issues identified 2021-12-14 16:50:22 +00:00
Wietze
adf171d089
Applying minor format changes (incorrectly formatted dates, typos, etc.) 2021-12-14 15:53:03 +00:00
Wietze
754a451e76
Updating entries that have been confirmed to be working on Windows 11 (21H2) 2021-12-14 15:51:43 +00:00
Wietze
39d4e815af
Minor formatting changes (redudant backslashes, incorrect dates, typos, etc.) 2021-12-14 14:57:32 +00:00
whickey-r7
18bceb7639
Create Unregmp2.yml 
Added a new lolbin, unregmp2.exe, used for proxying execution.
 2021-12-06 12:13:24 -05:00
frack113
17899acbb0
Adding Sigma references to ConfigSecurityPolicy, Diantz, ExtExport & Extrac32 (#184) 2021-12-06 11:19:01 +00:00
frack113
2d28767c04
Adding new Sigma references (AppInstaller, AspnetCompiler, Bash, Certreq) (#183) 2021-11-25 09:42:26 +00:00
Wietze
f7b30775a4
Odbcconf realign to T1218.008, hh.exe to T1218.001 2021-11-16 14:09:37 +00:00
bohops
23dd0236ae
Detection Resources and Other Updates (#179) 
* Add detection links for scripts

* Add detection links for OtherMSBins. Fixed and updated as needed.

* Add detection links for MSBins. Fixed and updated as needed.

* Add detection links for oslibraries

* Updating template for Detections

* Removing empty Detection:Sigma entries

* Remove redundant blank line

* Replacing commit URL with file URL

Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2021-11-15 08:19:03 -05:00
Wietze
4860585fb7
Adding CustomShellHost.exe LOLBAS 2021-11-14 23:26:39 +00:00
akshat pradhan
2031916b1a
ATT&CK realignment, typo fixes (#178) 
* Corrected Mitre TID for pnputil
* Fixed Command misspells
 2021-11-14 17:27:17 +00:00
akshat pradhan
53a4070205 Fixed formating 2021-11-09 08:16:34 +05:30
akshat pradhan
33a8da933c Added AWL Bypass to Ssh.yml 2021-11-09 08:14:43 +05:30
akshat pradhan
dfc7d40b1f Create Ssh 2021-11-08 22:21:37 +05:30
Wietze
2380c506d4
LSASS realign to T1003.001 2021-11-05 20:35:58 +00:00
Wietze
df8c88f4ca
Remaping NTDS entries to T1003.003 2021-11-05 20:32:44 +00:00
Wietze
8257d60aad
Realigning .ps1 scripts to T1216 2021-11-05 20:29:07 +00:00
Wietze
bc51cb4e03
More changes (mainly changing some T1218 instances to T1202) 2021-11-05 20:19:39 +00:00
Wietze
2577066af9
More changes (mainly changing generic T1218 to dev-specific T1127) 2021-11-05 20:06:57 +00:00
Wietze
8286677dac
Applying more specific subtechniques to Verclsid 2021-11-05 19:38:21 +00:00
Wietze
80e3f67e44
Applying more specific subtechniques to At/Schtasks, closes LOLBAS-Project/LOLBAS#113 2021-11-05 19:33:59 +00:00
Wietze
4f7ec8d2af
MITRE ATT&CK realignment sprint 2021-11-05 18:58:26 +00:00
Ensar Şamil
97f5042a58
Update Certoc.yml (#168) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2021-10-27 10:02:52 +01:00
Oddvar Moe
5db35bb397 Updated msbuild with logger technique 2021-10-26 00:27:35 +02:00
Oddvar Moe
7aeed60864 Updated msbuild with logger technique 2021-10-26 00:19:57 +02:00
Oddvar Moe
b91c7ddab5 Updated msbuild with logger technique 2021-10-26 00:17:08 +02:00
Wietze
ca11578655
Archiving off legacy LOLUtilz 2021-10-25 21:32:59 +01:00
Wietze
fa3ff39cac
Update Nvudisp.yml 2021-10-25 12:33:19 +01:00
Wietze
d411d9572b
Create Finger.exe (#154) 
Closes #24, #123
 2021-10-25 12:30:32 +01:00
Wietze
eafc1982f0
Website update 2021-10-25 12:28:09 +01:00
Wietze
234eb99a7d
Formatting 2021-10-25 12:27:00 +01:00
Wietze
afe93672a4
Minor updates 2021-10-25 12:25:13 +01:00
Oddvar Moe
7a34f57a31
Update Procdump.yml 2021-10-22 16:49:59 +02:00
Oddvar Moe
e70295bc7c
Merge pull request #163 from ajpc500/master 
added procdump dll load
 2021-10-22 16:48:46 +02:00
Oddvar Moe
1b15eccf07
Merge branch 'master' into master 2021-10-22 16:46:18 +02:00
Oddvar Moe
58b5eb7513
Update OneDriveStandaloneUpdater.yml 2021-10-22 16:43:28 +02:00
Oddvar Moe
a509625acc
Update OneDriveStandaloneUpdater.yml 2021-10-22 16:41:56 +02:00
Oddvar Moe
70a061d301
Merge pull request #153 from elliotkillick/OneDriveStandaloneUpdater 
Create OneDriveStandaloneUpdater.yml
 2021-10-22 16:39:14 +02:00
Oddvar Moe
486b5fc1ef
Merge pull request #152 from elliotkillick/SettingSyncHost 
Create SettingSyncHost.yml
 2021-10-22 16:36:13 +02:00
Oddvar Moe
44f88df089
Update Cmdl32.yml 2021-10-22 16:34:41 +02:00
Oddvar Moe
ccb20e560c
Rename cmdl32.yml to Cmdl32.yml 2021-10-22 16:33:24 +02:00
Oddvar Moe
5a62424a79
Merge pull request #151 from elliotkillick/cmdl32 
Create cmdl32.yml
 2021-10-22 16:32:42 +02:00
Oddvar Moe
fb9b6d65d5
Update cmdl32.yml 2021-10-22 16:31:54 +02:00
Oddvar Moe
adcb7e0c57
Merge pull request #150 from elliotkillick/OfflineScannerShell 
Create OfflineScannerShell.yml
 2021-10-22 16:28:33 +02:00
Oddvar Moe
c04d90c533
Merge pull request #149 from elliotkillick/WorkFolders 
Create WorkFolders.yml
 2021-10-22 16:26:50 +02:00
Oddvar Moe
8c1b97629b
Merge pull request #146 from elliotkillick/PrintBrm 
Create PrintBrm.yml
 2021-10-22 16:21:21 +02:00
Oddvar Moe
d9e31e2291
Rename fltMC.yml to FltMC.yml 2021-10-22 16:04:27 +02:00
Oddvar Moe
6bda2344eb
Rename certoc.yml to Certoc.yml 2021-10-22 16:04:12 +02:00
Oddvar Moe
e32f944030
Merge pull request #162 from esebese/master 
Create certoc.yml
 2021-10-22 16:02:20 +02:00
Oddvar Moe
985bda094e
Merge pull request #164 from eral4m/master 
Create Stordiag.yml
 2021-10-22 15:58:35 +02:00
Oddvar Moe
30a9f90f5f
Update Stordiag.yml 2021-10-22 15:56:52 +02:00
Oddvar Moe
9f9af1cfee
Merge branch 'master' into feat/yamllinting 2021-10-22 15:20:35 +02:00
Oddvar Moe
a55e2249c1
Merge branch 'master' into fixing-yaml-issues 2021-10-22 14:53:09 +02:00
Elliot Killick
a1d7fd00c9
Acknowledge John Carroll and their resource 2021-10-21 05:36:18 -04:00
eral4m
8b49ca2054 Update Stordiag.yml 2021-10-21 10:30:54 +01:00
eral4m
b723258dbf Update Stordiag.yml 2021-10-21 10:30:31 +01:00
eral4m
6da5480936 Update Stordiag.yml 2021-10-21 10:14:04 +01:00
eral4m
fd2a31b43b Create Stordiag.yml 2021-10-21 10:00:47 +01:00
Elliot Killick
6fb1882a16
Add resources section 2021-10-18 23:38:45 -04:00
ajpc500
079e3cd72a added procdump dll load 2021-10-14 17:32:17 +01:00
Ensar Şamil
6b6fd3fd62
Create certoc.yml 2021-10-07 13:31:45 +03:00
antonioCoco
87bb8cfd3e
Update Rpcping.yml 2021-09-29 23:31:06 +02:00
antonioCoco
27b1f9bfb1
Update Rpcping.yml 2021-09-29 23:27:16 +02:00
bohops
741d0f7b36
Update CL_LoadAssembly.yml 2021-09-26 23:35:01 -04:00
root
b5357cdec0 Adding app-ctrl bypass bins and a few lolscripts 2021-09-26 23:31:30 -04:00
bohops
c48a5ea1ea
Merge pull request #159 from timwhitez/master 
Create VSIISExeLauncher.yml
 2021-09-25 22:51:39 -04:00
bohops
3475ce1213
Merge pull request #158 from JohnLaTwC/patch-1 
Add lolbin for fltMC.exe
 2021-09-25 22:47:30 -04:00
bohops
cab273394a
Merge pull request #126 from ahmadalsabagh/fix 
Fixed the resources link
 2021-09-25 22:30:23 -04:00
bohops
6c20e750e8
Merge pull request #144 from defensivedepth/patch-1 
Fix ART link
 2021-09-25 22:22:42 -04:00
bohops
198b421d15
Merge pull request #130 from whickey-r7/patch-3 
Create IMEWDBLD.yml
 2021-09-25 22:07:23 -04:00
bohops
c51df24076
Merge pull request #129 from SpookySec/cdb-update 
edited cdb.yml
 2021-09-25 21:40:09 -04:00
TimWhite
9336b4d599
Update VSIISExeLauncher.yml 2021-09-24 15:28:39 +08:00
TimWhite
559d9bc3ff
Create VSIISExeLauncher.yml 2021-09-24 15:28:01 +08:00
John Lambert
ecbc2f817f
Add lolbin for fltMC.exe 
Used by redteams for defense evasion to disable drivers used by agents like sysmon

https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon
https://github.com/oddcod3/Phantom-Evasion/blob/master/Modules/post-exploitation/Postex_CMD_UnloadSysmonDriver_windows.py
 2021-09-18 17:43:59 -07:00
Ruben
bb73c013fb
Update Finger.yml 
Fixed header and footer
 2021-08-30 13:30:52 +02:00
Rubén
670a5f1870 Create Finger.exe 2021-08-30 13:16:08 +02:00
Elliot Killick
6e047908a4
Create OneDriveStandaloneUpdater.yml 2021-08-28 05:16:35 -04:00
Elliot Killick
02207882f6
Create cmdl32.yml 2021-08-28 00:55:50 -04:00
Elliot Killick
3b1fd0ea8e
Create SettingSyncHost.yml 2021-08-26 13:35:15 -04:00
Elliot Killick
692a3bf4c2
Remove .exe from command and increase specificity 2021-08-26 12:49:43 -04:00
Elliot Killick
34af96f564
Remove .exe from command 2021-08-26 12:21:34 -04:00
Elliot Killick
084fb83984
Remove .exe from command and increase specificity 2021-08-26 12:07:04 -04:00
bohops
f51a70c03e
Merge pull request #143 from Efraim-Kaplan/patch-1 
Fixed Typo
 2021-08-26 09:08:40 -04:00
Elliot Killick
d521284bb9
Create DeviceCredentialDeployment.yml 2021-08-16 20:21:48 -04:00
Elliot Killick
26a15f55cf
Create OfflineScannerShell.yml 2021-08-16 19:46:47 -04:00
Elliot Killick
95baee85fd
Create WorkFolders.yml 2021-08-16 19:42:32 -04:00
Elliot Killick
5ba729ee1d
Create fsutil.yml 2021-08-16 19:37:37 -04:00
Elliot Killick
63af8cca3b
Add resources section and improve formatting 2021-07-10 11:54:35 -04:00
Josh Brower
87c3319ad4
Fix ART link 2021-07-06 13:56:24 -04:00
Efraim-Kaplan
ebf494ae4d
FIxed typo 
Replaced "handeling" with "handling".
 2021-07-02 17:33:53 -04:00
Elliot Killick
8f705bb7a4
Create PrintBrm.yml 
New lolbin for zipping & unzipping to and from UNC paths and ADS. The zip file could also serve as a useful form of obfuscation for evading detection.
 2021-06-22 02:11:27 +00:00
Parker McGee
bbf14cf4b9
Fix a typo in Findstr.yml 
`finstr.exe` should be `findstr.exe`
 2021-03-20 16:40:37 -04:00
Filipe Spencer Lopes
29acd82968 putting quotes around strings with special chars 2021-03-09 15:04:09 +01:00
Filipe Spencer Lopes
ff9f5cff3d Removing blank lines 2021-03-09 15:00:55 +01:00
Filipe Spencer Lopes
b0a321e4c4 Too many whitespaces 2021-03-09 14:58:44 +01:00
Filipe Spencer Lopes
a232cfa007 Too many empty lines 2021-03-09 14:57:47 +01:00
Filipe Spencer Lopes
13901ea496 Too many whitespaces 2021-03-09 14:57:01 +01:00
Filipe Spencer Lopes
56035a7d10 Too many whitespaces 2021-03-09 14:56:47 +01:00
whickey-r7
782bc68c7c
Create IMEWDBLD.yml 2021-03-05 11:35:06 -05:00
SpookySec
d539a7dacd edited cdb.yml 2021-02-12 22:26:16 +03:00
SpookySec
84de927a83 edited cdb.yml 2021-02-08 16:28:25 +03:00
ahmad
3ca7bdc542 Fixed the url 2021-01-22 06:33:58 -05:00
Oddvar Moe
7c1a4a7959
Merge pull request #125 from wokis/master 
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
 2021-01-21 22:58:24 +01:00
Oddvar Moe
9ce6984dd7
Merge pull request #121 from ahmadalsabagh/adplus.exe 
Create Adplus.yml
 2021-01-21 22:56:34 +01:00
Oddvar Moe
b79a48f082 Fixed Category on pnputil 2021-01-21 22:54:58 +01:00
Oddvar Moe
515235a202
Merge pull request #120 from ahmadalsabagh/remote.exe 
Create remote.yml
 2021-01-21 22:52:24 +01:00
Oddvar Moe
2406d99f33
Rename pnputil.yml to Pnputil.yml 
Casing
 2021-01-21 22:49:19 +01:00
Oddvar Moe
64914b641c Adjusted error on pnputil yml file 2021-01-21 22:48:05 +01:00
Oddvar Moe
5b9c4f63dc
Merge pull request #118 from LuxNoBulIshit/master 
Pnputil.exe
 2021-01-21 22:42:40 +01:00
Oddvar Moe
394d3c66f9
Merge pull request #112 from zeroSteiner/patch-1 
Update the affected operating systems for SyncAppvPublishingServer
 2021-01-21 22:35:50 +01:00
Oddvar Moe
e9e458d6b7
Merge pull request #111 from michalani/patch-1 
Addded missing path for winword.exe
 2021-01-21 22:32:24 +01:00
Oddvar Moe
97176a0a07
Merge pull request #110 from whickey-r7/patch-2 
Create AppInstaller.yml
 2021-01-21 22:29:35 +01:00
Oddvar Moe
6774d228a5
Merge pull request #109 from unexpectedBy/patch-2 
Create DataSvcUtil.yml
 2021-01-21 22:24:02 +01:00
Oddvar Moe
1bf91d246a
Merge pull request #107 from nasbench/adding-dllhost-lolbin 
Create Dllhost.yml
 2021-01-21 22:20:03 +01:00
wokis
00935f154e
Update Wsreset.yml 
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
 2021-01-20 14:47:23 +01:00
Wietze
2e08819eef
Fix Usecase field 2021-01-10 15:54:00 +00:00
Wietze
5012f95152
Fix Code_Sample field 2021-01-10 15:49:30 +00:00
Wietze
fc223eb3d8
Remove/fix unnecessary Categories field 2021-01-10 15:48:20 +00:00
Wietze
5ec4de562b
Fixed acknowledgements 2021-01-10 15:45:25 +00:00
Wietze
38f9a0a032
Fixed incorrect MItreLink 2021-01-10 15:26:27 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html) 2021-01-10 15:04:52 +00:00
Wietze
de50a47957
Fix invalid YAML 2021-01-10 14:46:36 +00:00
Ahmad AS
be69f54245
Update Adplus.yml 2021-01-09 03:00:05 -05:00
ahmad
080fe4ca5b Create Adplus.yml 2021-01-09 02:56:32 -05:00
Ahmad AS
4254927f78
Update Remote.yml 2021-01-06 23:31:01 -05:00
ahmad
7dab1b916e Create remote.yml 2021-01-06 20:48:25 -05:00
LuxNoBu!!shit
0d819439c5
Create pnputil.exe 2020-12-25 12:14:15 -08:00
Spencer McIntyre
deb249042b
Update the affected operating systems for SyncAppvPublishingServer 2020-12-08 15:32:35 -05:00
michalani
36b28ddd98
Update Winword.yml 2020-12-03 01:03:08 +00:00
whickey-r7
b381d04faf
Create AppInstaller.yml 
New lolbin for downloading files in Windows 10.
 2020-12-02 11:35:49 -05:00
unload
bfe248b07e
Create DataSvcUtil.yml 
Another data exfil way with lolbins
 2020-12-01 22:57:09 -03:00
Nasreddine Bencherchali
15d5ff302d
Create Dllhost.yml 2020-11-07 14:22:24 +01:00
jesgal
483482e3a3
Create Upload.yml 
File describing the execution of LolBin Update.exe deployed with the installation of Whatsapp on Windows operating systems.
 2020-11-01 20:09:41 +01:00
jesgal
4c67be51c1
Delete Update.yml 2020-11-01 20:05:25 +01:00
jesgal
748cfb4223
Merge pull request #2 from jesgal/jesgal-persistence-update 
Update Update.yml
 2020-11-01 19:53:13 +01:00
jesgal
31c7d34a00
Create Update.yml 
This file describes LoLbin Update.exe deployed in the Whatsapp installation for Windows Operating Systems.
 2020-11-01 19:50:59 +01:00
jesgal
9642f81be7
Update Update.yml 
I update this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the argument "--createShortcut" and "--removeShortcut".
 2020-10-29 09:12:28 +01:00
Conor Richard
d15172284a
Merge pull request #101 from leo1-1/master 
added command to certutil
 2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70
Update Certutil.yml 2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b
Delete certutil.yml 2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479
Update Certutil 2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e
changed path 2020-10-26 08:22:58 +02:00
Conor Richard
9a83179ddd
Merge pull request #99 from dtmsecurity/master 
Create Wuauclt.yml
 2020-10-24 22:29:34 -04:00
Conor Richard
edbd01860c
Merge pull request #97 from MartinSohn/master 
Create Coregen.yml - Thank you for the contribution!
 2020-10-24 21:49:09 -04:00
Conor Richard
04c0e7ee38
Update Explorer.yml 
Fixing alignment in Acknowledgement section
 2020-10-22 22:00:05 -04:00
xenoscr
de169664d6 Finxing missing quotes 2020-10-22 21:51:57 -04:00
Conor Richard
b61cd18072
Merge pull request #94 from checkymander/master 
Create DefaultPack.yml
 2020-10-22 21:19:50 -04:00
Conor Richard
4f19dbba19
Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass 
Update MpCmdRun.yml
 2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3
Merge pull request #92 from whickey-r7/patch-1 
Update Xwizard.yml
 2020-10-22 20:57:55 -04:00
Conor Richard
9a6309d8de
Update ConfigSecurityPolicy.yml 
Added link to Tweet from author containing an example usage.
 2020-10-22 20:38:50 -04:00
@dtmsecurity
651e156583
Create Wuauclt.yml 2020-10-12 19:24:45 +01:00
Martin
47c03c97b8
Typo 2020-10-10 19:54:50 +00:00
Martin
22d9bbe92a
Initial commit of Coregen.yml 2020-10-09 17:10:49 +02:00
checkymander
a45d4ca25c
Create DefaultPack.yml 
Added DefaultPack.EXE LOLBin
 2020-10-01 22:37:00 -04:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml 
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
 2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b
Update Xwizard.yml 
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
 2020-09-16 16:34:47 +00:00
unload
6a5af9a71c
Create ConfigSecurityPolicy.yml 2020-09-04 07:54:44 -03:00
Rich Rumble
1b00b374b3
Updated per suggestion 
Thanks!
 2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml 
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
 2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3 Added detection details on mpcmdrun 2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf Updated links on mpcmdrun 2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085 Added MpCmdRun.exe 2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f Fixed the OS versions on Diantz 2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0
Update and rename pktmon.yml to Pktmon.yml 2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160
Merge pull request #82 from binar-x79/patch-1 
Create pktmon.yml
 2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb Added missing ticks in Diantz 2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808
Update and rename diantz.yml to Diantz.yml 2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f
Merge pull request #80 from Tamirye/master 
Create diantz.yml
 2020-08-24 09:45:12 +02:00
Oddvar Moe
c5c6820c56
Rename agentexecutor.yml to Agentexecutor.yml 2020-08-24 09:42:07 +02:00
Oddvar Moe
a7da0deddd
Merge pull request #77 from leftp/master 
Added method for AgentExecutor
 2020-08-24 09:41:22 +02:00
Oddvar Moe
57346d17f4 Changed capitalization inside file 2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd
Rename vbc.yml to Vbc.yml 2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd
Rename ilasm.yml to Ilasm.yml 2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5
Rename certreq.yml to Certreq.yml 2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075
Merge pull request #75 from dtmsecurity/master 
Create certreq.yml
 2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb Adjusted missing ticks in Acknowledgement 2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85
Merge pull request #66 from GoSecure/gosecure/ttdinject 
Added proxy execution for ttdinject.exe
 2020-08-24 09:25:29 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml 2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml 2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml 2020-08-15 00:26:35 +02:00
Oddvar Moe
4c44d039a1
Merge pull request #81 from jreegun/patch-6 
Update update.yml
 2020-08-15 00:24:45 +02:00
Oddvar Moe
b592be6027
Update Manage-bde.yml 
Remove extra -
 2020-08-15 00:17:27 +02:00
Oddvar Moe
2dabdb0840 adjusted extrac32 yml error 2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946
Merge pull request #79 from LuxNoBulIshit/master 
add new usecase for Extrace32.exe
 2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a
Update Extrac32.yml 2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b
Create pktmon.yml 2020-08-12 22:04:03 -07:00
Reegun J
ed1e113460
Update update.yml 
Hi, I have updated with new findings - Reegun
 2020-08-10 11:31:48 +08:00
Tamirye
4db780e0f0
Create diantz.yml 
use daintz.exe to download and compress a binary file from a remote server\internet or use it to store file in Alternate data stream.
 2020-08-08 15:09:53 +03:00
LuxNoBu!!shit
be19ca53ed
Update Extrac32.yml 2020-08-08 15:02:05 +03:00
LuxNoBu!!shit
2450b9fc0a
Update Extrac32.yml 2020-08-08 15:01:46 +03:00
LuxNoBu!!shit
3a3d28e496
Update Extrac32.yml 
another use case for extrace32.
 2020-08-08 14:59:15 +03:00
Chris "Lopi" Spehn
689c3b1fea
Update Regsvcs.yml 
Fixed inaccurate permissions
 2020-08-04 07:40:48 -06:00
Eleftherios Panos
3710c1c972 Added method for AgentExecutor 2020-07-23 13:58:30 +03:00
@dtmsecurity
aa88bf8144 Create certreq.yml 2020-07-07 21:09:06 +01:00
Maxime Nadeau
640e7f2d65 Added a Windows 10 2004 version 2020-07-03 16:59:53 -04:00
bohops
343a0e2478
Added plain explorer execution 2020-07-03 15:03:07 -04:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique 2020-07-03 14:56:06 -04:00
bohops
a976eaefe1
Updated Mitre Reference - T1096 2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd
Changed privilege level for registration 2020-07-03 10:24:34 -04:00
bohops
e316cb4842
Delete Slmgr - COM Hijacks are too broad 2020-07-03 10:15:06 -04:00
bohops
12cdb47285
Removed COM Hijack 2020-07-03 10:07:18 -04:00
bohops
17a34e27f6
Added Twitter reference for use "in-the-wild" 2020-07-03 10:03:42 -04:00
Oddvar Moe
cb3a45008e Added regini.exe writing to registry using ADS 2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7 Adjusted some missing quotes and stuff on Dekstopimgdownldr 2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67
Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml 
Changed capitalization
 2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41
Merge pull request #74 from Kristal-g/master 
Added desktopimgdownldr.exe
 2020-07-03 15:03:10 +02:00
Oddvar Moe
dac58c312f Fixed some missing quotes and stuff on psr.exe 2020-07-03 14:59:50 +02:00
Oddvar Moe
17db28c643
Merge pull request #73 from Lemonada/master 
Add psr.exe
 2020-07-03 14:58:26 +02:00
Oddvar Moe
416680941d
Rename explorer.yml to Explorer.yml 
Changed capitalization
 2020-07-03 14:52:29 +02:00
Oddvar Moe
8bb57e1ac5
Merge pull request #72 from JPMinty/master 
Create explorer.yml
 2020-07-03 14:50:07 +02:00
Oddvar Moe
c31053e6bd
Merge pull request #70 from cnotin/patch-1 
sqldumper: minor fix mis-typed words
 2020-07-03 14:34:02 +02:00
Oddvar Moe
8ce4c1497d
Merge pull request #64 from noraj/patch-1 
Download for ftp.exe
 2020-07-03 14:08:32 +02:00
Oddvar Moe
794d3c04cc Added Acknowledgement to rundll32 2020-07-03 14:03:51 +02:00
Oddvar Moe
604eb45fb4
Merge pull request #61 from MartinIngesen/master 
Using rundll32 to execute dll from a SMB share
 2020-07-03 14:01:12 +02:00
Kristal-g
fd01a9151a Added desktopimgdownldr.exe 2020-07-02 20:46:05 +03:00
Lemonada
2a5a4e391d
Create Psr.yml 
take screenshots of user sessions
 2020-06-27 14:51:07 +03:00
JPMinty
663724523f Update explorer.yml 2020-06-24 21:15:40 +09:30
JPMinty
dec26ada21 Create explorer.yml 2020-06-24 21:09:59 +09:30
Clément Notin
ae3d9b9b6b
sqldumper: minor fix mis-typed words 2020-06-15 23:33:34 +02:00
Maxime Nadeau
b95fb7ed27 Added the IOCs 2020-05-12 16:40:49 -04:00
Maxime Nadeau
b8b265b397 Added ttdinject 2020-05-12 16:31:47 -04:00
Maxime Nadeau
5de8d357b6 Added ttdinject.exe 2020-05-12 16:24:49 -04:00
Alexandre ZANNI
aef4b06952
Download for ftp.exe 
add a non-interactive one-line command to download arbitrary binary with ftp.exe
excessively useful on Windows XP, & Windows Server 2003 where all other LOLBAS that allow download (certutils, bitsutils, etc.) don't exist and where powershell was not install by default.
 2020-04-21 23:52:22 +02:00
Oddvar Moe
9722cceb9e Added download example to wsl.exe 2020-03-25 11:33:02 +01:00
Oddvar Moe
9f110bce07 Fixed missing octet in command 2020-03-25 11:24:54 +01:00
Oddvar Moe
6ac04d73d7 Added examples to bash.exe 2020-03-25 11:08:13 +01:00
Oddvar Moe
f2fa2ef989 Added additional example to wsl.exe 2020-03-25 10:26:59 +01:00
Chris "Lopi" Spehn
d67c8f5c11
Update RegAsm to the correct permissions 2020-03-20 11:51:21 -06:00
Martin Ingesen
e4face79af Using rundll32 to execute dll via SMB 2020-03-18 15:20:50 +01:00
Oddvar Moe
cce7c5ce3a Adjusted error in atbroker as per issue #47 2020-03-17 11:08:47 +01:00
Oddvar Moe
94d10799d3 Adjusted ilasm 2020-03-17 11:05:14 +01:00
Oddvar Moe
187786469c
Merge pull request #60 from LuxNoBulIshit/master 
Create ilasm.yml
 2020-03-17 10:57:53 +01:00
Oddvar Moe
dc3a211c89 Re-added ntdsutil 2020-03-17 10:55:59 +01:00
LuxNoBu!!shit
7a2ff4c250
Create ilasm.yml 2020-03-17 03:04:20 +02:00
Oddvar Moe
4bef10b147 adjusted rasautou and removed ntdsutil 2020-03-16 20:10:17 +01:00
Oddvar Moe
80295ef865
Merge pull request #54 from ForensicITGuy/ntdsutil 
Ntdsutil & Rasautou addition
 2020-03-16 20:06:54 +01:00
Oddvar Moe
81c363ac8a Adjustment to vbc.yml contribution 2020-03-16 19:55:27 +01:00