Elliot Killick
63af8cca3b
Add resources section and improve formatting
2021-07-10 11:54:35 -04:00
Josh Brower
87c3319ad4
Fix ART link
2021-07-06 13:56:24 -04:00
Efraim-Kaplan
ebf494ae4d
Fixed typo
Replaced "handeling" with "handling".
2021-07-02 17:33:53 -04:00
Elliot Killick
8f705bb7a4
Create PrintBrm.yml
New lolbin for zipping & unzipping to and from UNC paths and ADS. The zip file could also serve as a useful form of obfuscation for evading detection.
2021-06-22 02:11:27 +00:00
Parker McGee
bbf14cf4b9
Fix a typo in Findstr.yml
`finstr.exe` should be `findstr.exe`
2021-03-20 16:40:37 -04:00
Filipe Spencer Lopes
29acd82968
putting quotes around strings with special chars
2021-03-09 15:04:09 +01:00
Filipe Spencer Lopes
ff9f5cff3d
Removing blank lines
2021-03-09 15:00:55 +01:00
Filipe Spencer Lopes
b0a321e4c4
Too many whitespaces
2021-03-09 14:58:44 +01:00
Filipe Spencer Lopes
a232cfa007
Too many empty lines
2021-03-09 14:57:47 +01:00
Filipe Spencer Lopes
13901ea496
Too many whitespaces
2021-03-09 14:57:01 +01:00
Filipe Spencer Lopes
56035a7d10
Too many whitespaces
2021-03-09 14:56:47 +01:00
whickey-r7
782bc68c7c
Create IMEWDBLD.yml
2021-03-05 11:35:06 -05:00
SpookySec
d539a7dacd
edited cdb.yml
2021-02-12 22:26:16 +03:00
SpookySec
84de927a83
edited cdb.yml
2021-02-08 16:28:25 +03:00
ahmad
3ca7bdc542
Fixed the url
2021-01-22 06:33:58 -05:00
Oddvar Moe
7c1a4a7959
Merge pull request #125 from wokis/master
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
2021-01-21 22:58:24 +01:00
Oddvar Moe
9ce6984dd7
Merge pull request #121 from ahmadalsabagh/adplus.exe
Create Adplus.yml
2021-01-21 22:56:34 +01:00
Oddvar Moe
b79a48f082
Fixed Category on pnputil
2021-01-21 22:54:58 +01:00
Oddvar Moe
515235a202
Merge pull request #120 from ahmadalsabagh/remote.exe
Create remote.yml
2021-01-21 22:52:24 +01:00
Oddvar Moe
2406d99f33
Rename pnputil.yml to Pnputil.yml
Casing
2021-01-21 22:49:19 +01:00
Oddvar Moe
64914b641c
Adjusted error on pnputil yml file
2021-01-21 22:48:05 +01:00
Oddvar Moe
5b9c4f63dc
Merge pull request #118 from LuxNoBulIshit/master
Pnputil.exe
2021-01-21 22:42:40 +01:00
Oddvar Moe
394d3c66f9
Merge pull request #112 from zeroSteiner/patch-1
Update the affected operating systems for SyncAppvPublishingServer
2021-01-21 22:35:50 +01:00
Oddvar Moe
e9e458d6b7
Merge pull request #111 from michalani/patch-1
Added missing path for winword.exe
2021-01-21 22:32:24 +01:00
Oddvar Moe
97176a0a07
Merge pull request #110 from whickey-r7/patch-2
Create AppInstaller.yml
2021-01-21 22:29:35 +01:00
Oddvar Moe
6774d228a5
Merge pull request #109 from unexpectedBy/patch-2
Create DataSvcUtil.yml
2021-01-21 22:24:02 +01:00
Oddvar Moe
1bf91d246a
Merge pull request #107 from nasbench/adding-dllhost-lolbin
Create Dllhost.yml
2021-01-21 22:20:03 +01:00
wokis
00935f154e
Update Wsreset.yml
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
2021-01-20 14:47:23 +01:00
Wietze
2e08819eef
Fix Usecase field
2021-01-10 15:54:00 +00:00
Wietze
5012f95152
Fix Code_Sample field
2021-01-10 15:49:30 +00:00
Wietze
fc223eb3d8
Remove/fix unnecessary Categories field
2021-01-10 15:48:20 +00:00
Wietze
5ec4de562b
Fixed acknowledgements
2021-01-10 15:45:25 +00:00
Wietze
38f9a0a032
Fixed incorrect MitreLink
2021-01-10 15:26:27 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html )
2021-01-10 15:04:52 +00:00
Wietze
de50a47957
Fix invalid YAML
2021-01-10 14:46:36 +00:00
Ahmad AS
be69f54245
Update Adplus.yml
2021-01-09 03:00:05 -05:00
ahmad
080fe4ca5b
Create Adplus.yml
2021-01-09 02:56:32 -05:00
Ahmad AS
4254927f78
Update Remote.yml
2021-01-06 23:31:01 -05:00
ahmad
7dab1b916e
Create remote.yml
2021-01-06 20:48:25 -05:00
LuxNoBu!!shit
0d819439c5
Create pnputil.exe
2020-12-25 12:14:15 -08:00
Spencer McIntyre
deb249042b
Update the affected operating systems for SyncAppvPublishingServer
2020-12-08 15:32:35 -05:00
michalani
36b28ddd98
Update Winword.yml
2020-12-03 01:03:08 +00:00
whickey-r7
b381d04faf
Create AppInstaller.yml
New lolbin for downloading files in Windows 10.
2020-12-02 11:35:49 -05:00
unload
bfe248b07e
Create DataSvcUtil.yml
Another data exfil way with lolbins
2020-12-01 22:57:09 -03:00
Nasreddine Bencherchali
15d5ff302d
Create Dllhost.yml
2020-11-07 14:22:24 +01:00
jesgal
483482e3a3
Create Upload.yml
File describing the execution of LolBin Update.exe deployed with the installation of Whatsapp on Windows operating systems.
2020-11-01 20:09:41 +01:00
jesgal
4c67be51c1
Delete Update.yml
2020-11-01 20:05:25 +01:00
jesgal
748cfb4223
Merge pull request #2 from jesgal/jesgal-persistence-update
Update Update.yml
2020-11-01 19:53:13 +01:00
jesgal
31c7d34a00
Create Update.yml
This file describes LoLbin Update.exe deployed in the Whatsapp installation for Windows Operating Systems.
2020-11-01 19:50:59 +01:00
jesgal
9642f81be7
Update Update.yml
I updated this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the arguments "--createShortcut" and "--removeShortcut".
2020-10-29 09:12:28 +01:00
Conor Richard
d15172284a
Merge pull request #101 from leo1-1/master
added command to certutil
2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70
Update Certutil.yml
2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b
Delete certutil.yml
2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479
Update Certutil
2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e
changed path
2020-10-26 08:22:58 +02:00
Conor Richard
9a83179ddd
Merge pull request #99 from dtmsecurity/master
Create Wuauclt.yml
2020-10-24 22:29:34 -04:00
Conor Richard
edbd01860c
Merge pull request #97 from MartinSohn/master
Create Coregen.yml - Thank you for the contribution!
2020-10-24 21:49:09 -04:00
Conor Richard
04c0e7ee38
Update Explorer.yml
Fixing alignment in Acknowledgement section
2020-10-22 22:00:05 -04:00
xenoscr
de169664d6
Fixing missing quotes
2020-10-22 21:51:57 -04:00
Conor Richard
b61cd18072
Merge pull request #94 from checkymander/master
Create DefaultPack.yml
2020-10-22 21:19:50 -04:00
Conor Richard
4f19dbba19
Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass
Update MpCmdRun.yml
2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3
Merge pull request #92 from whickey-r7/patch-1
Update Xwizard.yml
2020-10-22 20:57:55 -04:00
Conor Richard
9a6309d8de
Update ConfigSecurityPolicy.yml
Added link to Tweet from author containing an example usage.
2020-10-22 20:38:50 -04:00
@dtmsecurity
651e156583
Create Wuauclt.yml
2020-10-12 19:24:45 +01:00
Martin
47c03c97b8
Typo
2020-10-10 19:54:50 +00:00
Martin
22d9bbe92a
Initial commit of Coregen.yml
2020-10-09 17:10:49 +02:00
checkymander
a45d4ca25c
Create DefaultPack.yml
Added DefaultPack.EXE LOLBin
2020-10-01 22:37:00 -04:00
Cochin, Cedric
13026a481b
Update MpCmdRun.yml
The DownloadFile option has been removed from the current MpCmdRun.exe, but the old binary remains on disk. The Defender command-line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker.
2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b
Update Xwizard.yml
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
2020-09-16 16:34:47 +00:00
unload
6a5af9a71c
Create ConfigSecurityPolicy.yml
2020-09-04 07:54:44 -03:00
Rich Rumble
1b00b374b3
Updated per suggestion
Thanks!
2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755
Update MpCmdRun.yml
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3
Added detection details on mpcmdrun
2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf
Updated links on mpcmdrun
2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085
Added MpCmdRun.exe
2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f
Fixed the OS versions on Diantz
2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0
Update and rename pktmon.yml to Pktmon.yml
2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160
Merge pull request #82 from binar-x79/patch-1
Create pktmon.yml
2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb
Added missing ticks in Diantz
2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808
Update and rename diantz.yml to Diantz.yml
2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f
Merge pull request #80 from Tamirye/master
Create diantz.yml
2020-08-24 09:45:12 +02:00
Oddvar Moe
c5c6820c56
Rename agentexecutor.yml to Agentexecutor.yml
2020-08-24 09:42:07 +02:00
Oddvar Moe
a7da0deddd
Merge pull request #77 from leftp/master
Added method for AgentExecutor
2020-08-24 09:41:22 +02:00
Oddvar Moe
57346d17f4
Changed capitalization inside file
2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd
Rename vbc.yml to Vbc.yml
2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd
Rename ilasm.yml to Ilasm.yml
2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5
Rename certreq.yml to Certreq.yml
2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075
Merge pull request #75 from dtmsecurity/master
Create certreq.yml
2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb
Adjusted missing ticks in Acknowledgement
2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85
Merge pull request #66 from GoSecure/gosecure/ttdinject
Added proxy execution for ttdinject.exe
2020-08-24 09:25:29 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml
2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml
2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml
2020-08-15 00:26:35 +02:00
Oddvar Moe
4c44d039a1
Merge pull request #81 from jreegun/patch-6
Update update.yml
2020-08-15 00:24:45 +02:00
Oddvar Moe
b592be6027
Update Manage-bde.yml
Remove extra -
2020-08-15 00:17:27 +02:00
Oddvar Moe
2dabdb0840
adjusted extrac32 yml error
2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946
Merge pull request #79 from LuxNoBulIshit/master
Add new use case for Extrac32.exe
2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a
Update Extrac32.yml
2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b
Create pktmon.yml
2020-08-12 22:04:03 -07:00
Reegun J
ed1e113460
Update update.yml
Hi, I have updated with new findings - Reegun
2020-08-10 11:31:48 +08:00
Tamirye
4db780e0f0
Create diantz.yml
Use diantz.exe to download and compress a binary file from a remote server/internet, or use it to store a file in an alternate data stream.
2020-08-08 15:09:53 +03:00
LuxNoBu!!shit
be19ca53ed
Update Extrac32.yml
2020-08-08 15:02:05 +03:00
LuxNoBu!!shit
2450b9fc0a
Update Extrac32.yml
2020-08-08 15:01:46 +03:00
LuxNoBu!!shit
3a3d28e496
Update Extrac32.yml
Another use case for extrac32.
2020-08-08 14:59:15 +03:00
Chris "Lopi" Spehn
689c3b1fea
Update Regsvcs.yml
...
Fixed inaccurate permissions
2020-08-04 07:40:48 -06:00
Eleftherios Panos
3710c1c972
Added method for AgentExecutor
2020-07-23 13:58:30 +03:00
@dtmsecurity
aa88bf8144
Create certreq.yml
2020-07-07 21:09:06 +01:00
Maxime Nadeau
640e7f2d65
Added a Windows 10 2004 version
2020-07-03 16:59:53 -04:00
bohops
343a0e2478
Added plain explorer execution
2020-07-03 15:03:07 -04:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique
2020-07-03 14:56:06 -04:00
bohops
a976eaefe1
Updated Mitre Reference - T1096
2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd
Changed privilege level for registration
2020-07-03 10:24:34 -04:00
bohops
e316cb4842
Delete Slmgr - COM Hijacks are too broad
2020-07-03 10:15:06 -04:00
bohops
12cdb47285
Removed COM Hijack
2020-07-03 10:07:18 -04:00
bohops
17a34e27f6
Added Twitter reference for use "in-the-wild"
2020-07-03 10:03:42 -04:00
Oddvar Moe
cb3a45008e
Added regini.exe writing to registry using ADS
2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7
Adjusted some missing quotes and stuff on Desktopimgdownldr
2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67
Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml
Changed capitalization
2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41
Merge pull request #74 from Kristal-g/master
Added desktopimgdownldr.exe
2020-07-03 15:03:10 +02:00
Oddvar Moe
dac58c312f
Fixed some missing quotes and stuff on psr.exe
2020-07-03 14:59:50 +02:00
Oddvar Moe
17db28c643
Merge pull request #73 from Lemonada/master
Add psr.exe
2020-07-03 14:58:26 +02:00
Oddvar Moe
416680941d
Rename explorer.yml to Explorer.yml
Changed capitalization
2020-07-03 14:52:29 +02:00
Oddvar Moe
8bb57e1ac5
Merge pull request #72 from JPMinty/master
Create explorer.yml
2020-07-03 14:50:07 +02:00
Oddvar Moe
c31053e6bd
Merge pull request #70 from cnotin/patch-1
sqldumper: minor fix mis-typed words
2020-07-03 14:34:02 +02:00
Oddvar Moe
8ce4c1497d
Merge pull request #64 from noraj/patch-1
Download for ftp.exe
2020-07-03 14:08:32 +02:00
Oddvar Moe
794d3c04cc
Added Acknowledgement to rundll32
2020-07-03 14:03:51 +02:00
Oddvar Moe
604eb45fb4
Merge pull request #61 from MartinIngesen/master
Using rundll32 to execute dll from a SMB share
2020-07-03 14:01:12 +02:00
Kristal-g
fd01a9151a
Added desktopimgdownldr.exe
2020-07-02 20:46:05 +03:00
Lemonada
2a5a4e391d
Create Psr.yml
take screenshots of user sessions
2020-06-27 14:51:07 +03:00
JPMinty
663724523f
Update explorer.yml
2020-06-24 21:15:40 +09:30
JPMinty
dec26ada21
Create explorer.yml
2020-06-24 21:09:59 +09:30
Clément Notin
ae3d9b9b6b
sqldumper: minor fix mis-typed words
2020-06-15 23:33:34 +02:00
Maxime Nadeau
b95fb7ed27
Added the IOCs
2020-05-12 16:40:49 -04:00
Maxime Nadeau
b8b265b397
Added ttdinject
2020-05-12 16:31:47 -04:00
Maxime Nadeau
5de8d357b6
Added ttdinject.exe
2020-05-12 16:24:49 -04:00
Alexandre ZANNI
aef4b06952
Download for ftp.exe
Add a non-interactive one-line command to download an arbitrary binary with ftp.exe.
Excessively useful on Windows XP and Windows Server 2003, where all other LOLBAS that allow download (certutils, bitsutils, etc.) don't exist and where PowerShell was not installed by default.
2020-04-21 23:52:22 +02:00
Oddvar Moe
9722cceb9e
Added download example to wsl.exe
2020-03-25 11:33:02 +01:00
Oddvar Moe
9f110bce07
Fixed missing octet in command
2020-03-25 11:24:54 +01:00
Oddvar Moe
6ac04d73d7
Added examples to bash.exe
2020-03-25 11:08:13 +01:00
Oddvar Moe
f2fa2ef989
Added additional example to wsl.exe
2020-03-25 10:26:59 +01:00
Chris "Lopi" Spehn
d67c8f5c11
Update RegAsm to the correct permissions
2020-03-20 11:51:21 -06:00
Martin Ingesen
e4face79af
Using rundll32 to execute dll via SMB
2020-03-18 15:20:50 +01:00
Oddvar Moe
cce7c5ce3a
Adjusted error in atbroker as per issue #47
2020-03-17 11:08:47 +01:00
Oddvar Moe
94d10799d3
Adjusted ilasm
2020-03-17 11:05:14 +01:00
Oddvar Moe
187786469c
Merge pull request #60 from LuxNoBulIshit/master
Create ilasm.yml
2020-03-17 10:57:53 +01:00
Oddvar Moe
dc3a211c89
Re-added ntdsutil
2020-03-17 10:55:59 +01:00
LuxNoBu!!shit
7a2ff4c250
Create ilasm.yml
2020-03-17 03:04:20 +02:00
Oddvar Moe
4bef10b147
adjusted rasautou and removed ntdsutil
2020-03-16 20:10:17 +01:00
Oddvar Moe
80295ef865
Merge pull request #54 from ForensicITGuy/ntdsutil
Ntdsutil & Rasautou addition
2020-03-16 20:06:54 +01:00
Oddvar Moe
81c363ac8a
Adjustment to vbc.yml contribution
2020-03-16 19:55:27 +01:00
leo1-1
c7c93e9f95
Create vbc.yml
2020-02-27 17:13:07 +02:00
Oddvar Moe
acecdcf3df
Netsh contribution from Freddie Bar-Smith - Thank you
2020-01-23 09:07:40 +01:00
Oddvar Moe
94708ac5d6
Added links to obfuscation technique from Sailay(valen) on rundll32
2020-01-23 08:57:43 +01:00
Tony M Lambert
e2f217c777
ntdsutil addition
2020-01-10 22:53:34 -06:00
Tony M Lambert
99b87fdc13
Rasautou addition
2020-01-10 22:52:15 -06:00
Oddvar Moe
ecc94c2d09
Adjusted GfxDownloadWrapper
2020-01-07 09:08:13 +01:00
Oddvar Moe
71aec7465b
Minor adjustments to GfxDownloadWrapper.yml
2020-01-07 09:03:42 +01:00
Oddvar Moe
aada926e6f
Merge pull request #52 from jesgal/patch-1
Create GfxDownloadWrapper.yml
2020-01-07 09:00:58 +01:00
Oddvar Moe
22ef6bfc63
Added additional paths to CL_MutexVerifiers.ps1 - input from @shilpeshTrivedi
2020-01-07 08:45:25 +01:00
Oddvar Moe
7030e00929
Capitalized dotnet name
2020-01-07 08:40:24 +01:00
Oddvar Moe
e1b36a25bd
Rename dotnet.yml to Dotnet.yml
2020-01-07 08:37:36 +01:00
Oddvar Moe
acd38cec9e
Merge pull request #49 from felamos/master
Create dotnet.yml
2020-01-07 08:32:35 +01:00
jesgal
c9e608ce0f
Update GfxDownloadWrapper.yml
2019-12-27 17:11:30 +01:00
jesgal
a057cf2420
Create GfxDownloadWrapper.yml
GfxDownloadWrapper.exe downloads the content that returns <URL> and writes it to the file <DESTINATION FILE PATH>. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service".
2019-12-27 17:02:34 +01:00
Ayush Sahay
5cb17cfb26
Create dotnet.yml
2019-12-11 15:53:12 +05:30
Oddvar Moe
94a295213e
Added Dump example to TTTracer.exe
2019-11-18 12:50:49 +01:00
Oddvar Moe
e0db5721ff
Added Dump Example to TTTracer.exe
2019-11-18 12:47:51 +01:00
Oddvar Moe
4663c13324
Adjustment
2019-11-05 15:47:20 +01:00
Oddvar Moe
8d74b3062f
Adjustment
2019-11-05 14:36:53 +01:00
Oddvar Moe
f9a7c42a85
Added TTTracer.exe - Thanks Onur Ulusoy
2019-11-05 12:12:46 +01:00
Oddvar Moe
13093c879e
Updated odbcconf.exe with discovery from @Hexacorn <3
2019-10-24 10:01:44 +02:00
Oddvar Moe
cb9fa974dd
Merge pull request #46 from felamos/patch-1
Create devtoolslauncher.yml
2019-10-07 23:56:01 +02:00
Oddvar Moe
7469812286
Update and rename devtoolslauncher.yml to Devtoolslauncher.yml
2019-10-07 23:55:44 +02:00
Oddvar Moe
8eb582de42
Update At.yml
2019-10-07 23:51:26 +02:00
Ayush Sahay
134b272567
Update devtoolslauncher.yml
2019-10-07 12:15:47 +05:30
Ayush Sahay
0fe0504622
Update devtoolslauncher.yml
2019-10-04 10:20:38 +05:30
Ayush Sahay
48ed8f7914
Create devtoolslauncher.yml
2019-10-04 09:29:59 +05:30
freddie
9f47e26f16
Adding At.exe, for submission to the LOLBAS list, with proof of malware using it in the wild :O
2019-09-21 03:19:25 +01:00
Oddvar Moe
32757cd0c3
Added Office binaries from jreegun to the project. Pull request 42
2019-09-17 22:58:03 +02:00
Oddvar Moe
0644ac30d7
Added Office binaries from jreegun to the project. Pull request 42
2019-09-17 22:44:27 +02:00
Oddvar Moe
ed266c0983
Fixed some typos
2019-09-17 20:45:49 +02:00
Oddvar Moe
8762fc5735
Acknowledgement fix for comsvcs
2019-09-16 09:50:01 +02:00
Oddvar Moe
4ebf1ac4f7
Adjusted case sensitive type in yml file for Comsvcs
2019-09-16 09:44:14 +02:00
Oddvar Moe
11c6c7c48d
Adjusted
2019-09-16 09:38:05 +02:00
plowsec
dd5df7cf3e
Add Comsvcs.yml: dump lsass via signed DLL.
2019-08-30 14:12:46 +02:00
Oddvar Moe
5b63815c0a
Updated update and squirrel with updaterollback parameter
2019-07-02 09:06:19 +02:00
Oddvar Moe
8fcc9a105a
Fixed spacing error
2019-06-28 18:07:24 +02:00
Oddvar Moe
8528caf21d
Added Acknowledgement to wsl.exe
2019-06-28 18:05:34 +02:00
Oddvar Moe
f77b3b4019
Fixed spacing issue
2019-06-28 17:53:45 +02:00
Oddvar Moe
dd545693da
Merge pull request #40 from NotoriousRebel/master
Create Wsl.yml
2019-06-28 17:50:13 +02:00
NotoriousRebel
ff0155f599
Moved Wsl.yml location to OtherMSBinaries and added another example for possible usecases.
2019-06-28 09:20:56 -04:00
Oddvar Moe
e05ae6c051
Adjusted Update and Squirrel
2019-06-28 09:05:27 +02:00
Oddvar Moe
3be3e5f3f8
Added link to reegun blog
2019-06-28 08:48:41 +02:00
NotoriousRebel
ff7dd5893b
Added Wsl.yml
2019-06-27 15:39:12 -04:00
Oddvar Moe
b284e46763
Added example to wscript
2019-06-27 17:27:31 +02:00
Oddvar Moe
087b6367ca
Fixed missing ---
2019-06-27 17:21:41 +02:00
Oddvar Moe
60f55ee597
Adjusted Squirrel and Update
2019-06-27 17:12:23 +02:00
Oddvar Moe
1c42f7004a
Adjusted update.yml
2019-06-27 17:01:34 +02:00
Oddvar Moe
9ce9d8bc78
Merge pull request #38 from jreegun/patch-1
Create squirrel.yml
2019-06-27 16:46:11 +02:00
jreegun
307c77fa4d
Create update.yml
2019-06-27 20:26:24 +08:00
jreegun
c96d22b345
Create squirrel.yml
2019-06-27 20:22:35 +08:00
Oddvar Moe
d26c01fa45
Reverted back
2019-06-27 13:49:52 +02:00
Oddvar Moe
6338ac77a0
Remove % from Update.yml
2019-06-27 13:46:40 +02:00
Oddvar Moe
da3b619651
Adjusted new contributions
2019-06-27 13:42:06 +02:00
Oddvar Moe
a92b0e4d15
Adjusted new contributions
2019-06-27 13:41:07 +02:00
Oddvar Moe
285e4d78d8
Adjusted new contributions
2019-06-27 13:40:03 +02:00
Oddvar Moe
95e37b7cbf
Merge pull request #36 from yeyintminthuhtut/master
Cmd.exe ADS
2019-06-27 13:02:40 +02:00
Mr.Un1k0d3r
7ed8fb4d06
Create Teams-update.yml
2019-06-26 14:12:02 -04:00
r0lan
fb5f164827
Cmd.exe ADS
2019-06-26 18:33:11 +08:00
Bart
a511624f40
Create RunCmd_X64.yml
2019-06-08 19:55:06 +01:00
Oddvar Moe
f7748a08cc
added Jsc.exe - Thanks @DissectMalware
2019-05-31 13:56:55 +02:00
Oddvar Moe
106c359687
added Jsc.exe - Thanks @DissectMalware
2019-05-31 13:53:43 +02:00
Eli Salem
a7b6d2aad2
Add aswrundll.exe non microsoft lolbin
2019-03-20 10:53:11 +02:00
Oddvar Moe
17e541f8c0
Added wsreset.exe - uac bypass
2019-03-18 08:44:53 +01:00
bohops
8806a9e0ee
Added VSS use case
2019-02-12 08:15:55 -05:00
Oddvar Moe
69795dca7e
Added fixes from https://github.com/sagishahar , typos in wmic and extexport
2019-02-01 18:38:35 +01:00
Santiago Bruno
cc8288c7d5
Fixing some typos
2019-01-28 13:39:23 -03:00
Oddvar Moe
a0136a78cd
Typo in command - fixed
2019-01-24 11:52:25 +01:00
Oddvar Moe
92bcd8cfd8
added new example to certutil from egre55
2019-01-24 10:40:45 +01:00
Santiago Bruno
1a01ec5100
Merge branch 'master' of https://github.com/sbruno/LOLBAS
2019-01-23 20:07:22 -03:00
Santiago Bruno
64623edd6e
Renaming Ie4unit.yml as Ie4uinit.yml since this is the correct binary name
2019-01-23 20:06:16 -03:00
Santiago Bruno
7252652920
replacing ie4unit occurrences with ie4uinit
2019-01-23 20:04:12 -03:00
Oddvar Moe
3371628d0b
Converted pull request from keepwatch into yml format. Original request here: https://github.com/LOLBAS-Project/LOLBAS/pull/19 - Thanks for contributing
2018-12-12 12:56:53 +01:00
Oddvar Moe
aba9538581
minor changes to Eventvwr
2018-12-12 12:50:27 +01:00
Oddvar Moe
d827dfba1f
Merge pull request #22 from eSentire/master
Eventvwr.exe UAC bypass
2018-12-12 12:45:35 +01:00
Oddvar Moe
7addc14d7f
Update Eventvwr.yml
Category change
2018-12-12 12:45:05 +01:00
Oddvar Moe
57b348fb03
Added AWL Bypass to msdeploy
2018-12-12 12:34:59 +01:00
dave5623
889e86be04
Update Sqlps.yml
Minor Typo Fix
2018-12-11 09:38:39 -05:00
Maverick
99d1eed476
Correct wrongly attributed twitter handle
- it should be *Moriarty_Meng* instead of *moriarty2016*
2018-12-10 21:26:33 +01:00
Oddvar Moe
1af009d707
Added example to DFSVC - Thanks to PolarBearGod
2018-12-10 18:45:41 +01:00
Oddvar Moe
c9b4b244fa
Added ftp.exe
2018-12-10 15:03:30 +01:00
Oddvar Moe
04d193ccfa
Minor typo in Runscripthelper.exe
2018-12-10 14:38:48 +01:00
Oddvar Moe
94368c1e69
Major changes to Web portal - Small fixes to source files to adjust
2018-12-10 14:28:12 +01:00
bohops
2b77add5b4
Update Mmc.yml
2018-12-04 19:38:17 -05:00
bohops
931ea67ce4
Update Mmc.yml
2018-12-04 19:35:52 -05:00
bohops
838f2c9a49
Create Mmc.yml
2018-12-04 19:35:26 -05:00
bohops
cb1db201b8
Create Verclsid.yml
2018-12-04 19:26:34 -05:00
bohops
ef2b253227
Update Xwizard.yml
2018-12-04 19:09:42 -05:00
bohops
34b1287f10
Added rundll32 -sta COM server execution
2018-12-04 18:59:08 -05:00
Jacob Gajek
fd44373927
Eventvwr.exe UAC bypass
2018-11-01 15:20:09 -04:00
Oddvar Moe
60874f9754
Changed from non-existing category persistence to execute
2018-10-25 21:35:37 +02:00
Oddvar Moe
a61d2586cf
Errors in YAML files corrected
2018-10-25 21:24:55 +02:00
Oddvar Moe
550263cd1e
Removed MD files, we only use the webportal from now on. All MD files moved to archive
2018-10-25 18:31:11 +02:00
xenoscr
d6fe95fe98
Adding Microsoft.Workflow.Compiler.exe and payload examples.
2018-10-24 22:48:45 -04:00
Ossi Väänänen
31d7b4aa77
Failed to RTFM -- removed .md, added .yml
2018-10-24 11:55:52 +03:00
Conor Richard
c103cb3677
Adding 'Execute' categories to existing 'AWL Bypass' binaries.
2018-10-05 15:06:01 -04:00
bohops
6381da333c
Added Acknowledgement
2018-10-04 10:08:21 -04:00
bohops
783b4f3d9f
Added AWL Bypass
2018-10-04 10:07:02 -04:00
bohops
f8e9ac5a0a
Fixed a few categories
2018-09-26 10:33:52 -04:00
Oddvar Moe
bac3b9e56c
Update scripts with new template. Fixed mgmt script for webportal. Adjustments to existing yml files
2018-09-26 11:41:58 +02:00
Oddvar Moe
d48273583e
Changed alternate data stream to ADS as category
2018-09-26 09:34:01 +02:00
Oddvar Moe
7961a99173
minor adjustments
2018-09-25 02:33:38 +02:00
Oddvar Moe
f8fec9849b
Minor adjustments to be yaml compliant
2018-09-24 23:18:00 +02:00
Oddvar Moe
37cc1ee83e
Changed all OSBinaries according to the new template
2018-09-24 21:59:43 +02:00
bohops
68884a4c13
Update Zipfldr.yml
2018-09-24 14:36:13 -04:00
bohops
679a8a66bb
Update Url.yml
2018-09-24 14:35:06 -04:00
bohops
d045db1755
Update Url.yml
2018-09-24 14:34:40 -04:00
bohops
9c3dbada06
Update Setupapi.yml
2018-09-24 14:32:16 -04:00
bohops
ceebe9a9b9
Update Shdocvw.yml
2018-09-24 14:31:32 -04:00
bohops
c7925f613f
Update Shell32.yml
2018-09-24 14:30:52 -04:00
bohops
2a79b98b6a
Update Syssetup.yml
2018-09-24 14:29:33 -04:00
bohops
2c9043a8fe
Update Shell32.yml
2018-09-24 14:26:49 -04:00
bohops
e618d6eeb0
Update Shdocvw.yml
2018-09-24 14:08:10 -04:00
bohops
bd6580eee8
Update Setupapi.yml
2018-09-24 14:04:31 -04:00
bohops
6128b4ea62
Update Pcwutl.yml
2018-09-24 14:02:23 -04:00
bohops
d7fd801a4d
Update Mshtml.yml
2018-09-24 13:54:07 -04:00
bohops
46cee0e239
Update Advpack.yml
2018-09-24 13:52:23 -04:00
bohops
93a2dcc4c4
Update Ieadvpack.yml
2018-09-24 13:51:19 -04:00
bohops
42bcafa0ff
Update Ieframe.yml
2018-09-24 13:50:33 -04:00
bohops
3d7716bc14
Update Ieadvpack.yml
2018-09-24 13:49:04 -04:00
bohops
f9d4581396
Update Advpack.yml
2018-09-24 13:42:17 -04:00
bohops
26f5d809c4
Update Advpack.yml
2018-09-23 22:29:44 -04:00
bohops
b330d43116
Changed to latest template
2018-09-23 22:23:04 -04:00
Oddvar Moe
adafa6de3f
Update readme, began updating OSBins with new template
2018-09-24 01:50:14 +02:00
Conor Richard
e8c7042468
Removing duplicate file
2018-09-21 23:20:32 -04:00
Conor Richard
4335223a8b
Moving non-MS script to LOLUtilz, archive
2018-09-21 23:19:05 -04:00
Conor Richard
58e88b98f9
Completed template update of OtherMSBinaries
2018-09-21 22:58:00 -04:00
Conor Richard
95dc80b8cd
Updated yml for: appvlp and bginfo.
2018-09-18 23:06:22 -04:00
Conor Richard
3266cb4d46
Testing new template display
2018-09-18 22:35:46 -04:00
Oddvar Moe
c949e100bd
MD files generated from script, and adjustments to readme
2018-09-14 15:48:52 +02:00