hegusung
3346739e4b
Update Runexehelper.yml Tags
Added Tags:
Execute EXE
2024-10-13 16:54:20 +02:00
hegusung
39adfc286a
Update Rundll32.yml Tags
Added Tags:
Execute: JScript
Execute: EXE
2024-10-13 16:53:16 +02:00
hegusung
b452a6c3e3
Update Regsvr32.yml Tags
Added Tags
Execute: Remote
Execute: SCT
2024-10-13 16:48:37 +02:00
hegusung
ce907b4e5c
Update Regsvcs.yml Tags
Changed DLL to .NetDLL
2024-10-13 16:45:00 +02:00
hegusung
9aa4200dae
Update Regasm.yml Tags
Changed Tags DLL to .NetDLL
2024-10-13 16:41:32 +02:00
hegusung
d1f6a8a397
Update Provlaunch.yml Tags
Added Tags:
Execute CMD
2024-10-13 16:36:45 +02:00
hegusung
8d6bd28331
Update Presentationhost.yml Tags
Added Tags:
Execute XBAP
2024-10-13 16:34:45 +02:00
hegusung
741e0877df
Update Pnputil.yml Tags
Added Tags:
Execute INF
2024-10-13 16:29:07 +02:00
hegusung
5a1370ca11
Update Pcwrun.yml Tags
Added Tags:
Execute EXE
2024-10-13 16:26:26 +02:00
hegusung
7783b436cb
Update Pcalua.yml Tags
Tags added:
Execute CMD
Execute DLL
2024-10-13 16:24:52 +02:00
hegusung
090f8e2078
Update Msiexec.yml Tags
Added Tags:
Execute MSI
Execute Remote
Input Custom Format
2024-10-13 16:12:06 +02:00
hegusung
bd07c4dd24
Update Mshta.yml Tags
Added Tags:
Execute: Remote
Input Custom Format
Execute JScript
Execute VBScript
2024-10-13 16:03:39 +02:00
hegusung
b8d98f067d
Update Msedge.yml Tags
Added Tags:
Execute CMD
Input Custom Format
2024-10-13 15:54:08 +02:00
hegusung
9f3b237005
Update Msdt.yml Tags
Added Tags:
Execute MSI
Execute CMD
Input Custom Format
2024-10-13 15:49:14 +02:00
hegusung
a88747c290
Update Msconfig.yml Tags
Added Tags:
- Execute CMD
Input Custom Format
2024-10-13 15:25:01 +02:00
hegusung
eef914dc7b
Update Msbuild.yml Tags
Added Tags:
- Execute : CSharp
- Execute CMD
- Input Custom Format
2024-10-13 15:23:20 +02:00
hegusung
377c4b4084
Update Mmc.yml Tags
Added tags
Execute DLL
Input Custom format
2024-10-13 15:18:35 +02:00
hegusung
504c922eb9
Update Hh.yml Tags
Added execution remote tag
2024-10-13 15:10:17 +02:00
hegusung
75cd575102
Category Bugfix
2024-10-13 14:50:16 +02:00
hegusung
699d8e9809
Update Microsoft.Workflow.Compiler.yml Tags
Added Tags:
Execute VB.Net
Execute C#
Input Custom Format
2024-10-13 13:39:18 +02:00
hegusung
bb2ab8ccda
Update Mavinject.yml Tags
Added Tags:
Input Custom Format
2024-10-13 13:36:26 +02:00
hegusung
f3739fade3
Update Infdefaultinstall.yml Tags
Added:
Execute INF
Input Custom Format
2024-10-13 13:33:39 +02:00
hegusung
e8c0c77d79
Update Ieexec.yml Tags
Added Tags:
Execute .NetEXE
Execute Remote
Input Custom Format
2024-10-13 13:31:56 +02:00
hegusung
5210291b3c
Update Iediagcmd.yml Tags
Added Tags
Execute EXE
Input Fixed Format
2024-10-13 13:29:36 +02:00
hegusung
0a8785481d
Update Ie4uinit.yml
Added Tags:
Execute INF
Input: Fixed Format
2024-10-13 13:26:30 +02:00
hegusung
bbe0681a9a
Update Hh.yml Tags and Added command
Added the command to execute remote CHM files
Added Tags
2024-10-13 13:24:23 +02:00
hegusung
4e60ead5f7
Update Gpscript.yml Tags
Added Tags:
- Execute CMD
- Input Fixed Format
2024-10-13 13:15:50 +02:00
hegusung
eb06fb5266
Update Ftp.yml Tags
Added Tags:
- Execute CMD
- Input Custom Format
2024-10-13 13:13:21 +02:00
hegusung
d8c1def350
Update Fsutil.yml Tags
Added Tags:
Execute: EXE
Input: Fixed Format
2024-10-13 13:12:20 +02:00
hegusung
3db62fffdc
Update Forfiles.yml Tags
Added Tags:
- Execute EXE
- Input: Custom Format
2024-10-13 13:11:05 +02:00
hegusung
44a2e0c6e1
Update Extexport.yml Tags
Added Tags:
- Input CustomFormat
2024-10-13 13:08:11 +02:00
hegusung
ec76e9e49f
Update Explorer.yml Tags
Added Tags:
- Execute EXE
- Input: Custom Format
2024-10-13 13:07:06 +02:00
hegusung
524ef32173
Update Dnscmd.yml Tags
Added Tags:
- Execution: Remote
- Input: Custom Format
2024-10-13 13:05:06 +02:00
hegusung
0c36af16d5
Update Diskshadow.yml Tags
Added Tags:
- Execute CMD
- Input CustomFormat
2024-10-13 13:03:33 +02:00
hegusung
daee90f6cd
Update Dfsvc.yml Tags
Added Tags:
- Execute ClickOnce
- Execute Remote
- Input Custom Format
2024-10-13 12:37:51 +02:00
hegusung
7642b8cd86
Update CustomShellHost.yml Tags
Added Tags:
- Execute EXE
- Input Fixed Format
2024-10-13 12:35:23 +02:00
hegusung
20ff06dd26
Update Cscript.yml Tags
Added Input tag
2024-10-13 12:33:41 +02:00
hegusung
2bf4516881
Update Control.yml
Added Execution section to Control.exe
Added tags:
- Input Custom Format
2024-10-13 12:26:15 +02:00
hegusung
bb484e278e
Update Conhost.yml
Execute and Input Tags added
2024-10-13 12:19:14 +02:00
hegusung
6546853446
Update Cmstp.yml
Tags:
Changed Input: INF to Execute INF for consistency
Input: Customformat added
2024-10-13 12:16:28 +02:00
hegusung
3123301802
Update Certoc.yml
Added Tags:
- Input: CustomFormat
2024-10-13 12:06:18 +02:00
hegusung
6d4ac1c680
Update Bash.yml
Added tags:
- Execute: CMD
- Input: Custom format
2024-10-13 12:02:27 +02:00
hegusung
a199ff5deb
Update Atbroker.yml
Added the following tags:
- Execute: EXE
- Input: Custom Format
2024-10-13 11:59:14 +02:00
hegusung
58d2f4c79c
Update At.yml
Added tags
- Execute: EXE
- Input: Custom Format
2024-10-13 11:55:20 +02:00
hegusung
e5731033b2
Update Addinutil.yml
Tags added:
- .NetObjects
- Fixed Format
2024-10-13 11:50:14 +02:00
hegusung
56ad2e7593
Update Installutil.yml
Changed tags Execute DLL to Execute .NetDLL
Added Execute: .NetEXE tag
2024-10-13 11:11:44 +02:00
Wietze
f69b8abae1
Removing empty resource sections
2024-10-02 01:55:22 +01:00
Wietze
7e171658dd
Remove broken imgur link
2024-10-02 01:20:22 +01:00
Wietze
55d84345ac
Adding <version> placeholder to Vshadow
2024-10-01 23:45:18 +01:00
Wietze
39a7120d40
Adding Windows file path validation for values of File_Path ( #403 )
2024-10-01 23:14:19 +01:00
Avihay Eldad
d8402e6651
Add VSLaunchBrowser.yml ( #367 )
2024-10-01 22:37:11 +01:00
Eron Clarke
50e17c089a
Add ComputerDefaults.yml ( #400 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-25 23:47:41 +01:00
Avihay Eldad
9b1a98794b
Update Wmic.yml ( #355 )
2024-09-15 17:31:17 +01:00
Ekitji
9ee5548623
Updates in Stordiag.exe ( #394 )
2024-09-10 13:31:38 +01:00
Avihay Eldad
bfa71cc57e
Add DTUtil.yml ( #382 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-07 15:16:04 +01:00
p4yl0ad
cfd827fe6d
Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml ( #392 )
2024-09-07 15:07:46 +01:00
deadjakk
61bff01584
Odbcconf.yml - Corrected incorrect privileges ( #396 )
2024-09-07 15:01:46 +01:00
unrooted
659a0240e8
Update Winget.yml ( #384 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 23:52:52 +01:00
Avihay Eldad
d5d11f47a1
Add Xsd.yml ( #366 )
2024-08-17 22:18:59 +01:00
TAbdiukov
5b12df2b93
Makecab - LOLBAS command, more information about Windows compatibility ( #389 )
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415
Adding more operating systems to extrac32.exe ( #387 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f
Add Diantz directives/DDF entry to diantz.exe ( #390 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:02:55 +01:00
Avihay Eldad
74ffaa534f
Add Ngen.exe ( #357 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-07-15 20:59:23 +01:00
Avihay Eldad
da4f6e5407
Update Msdeploy.yml and add copy utility ( #354 )
2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f
fix parameter typo for squirrel.exe ( #383 )
2024-07-12 18:49:30 +01:00
unrooted
03b527b105
Update wsl.exe description ( #378 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e
Add Visio.exe as a downloader ( #356 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-05 23:50:25 +01:00
bohops
622aaeed54
Add Powershell.exe to Honorable Mentions ( #363 )
2024-06-05 23:17:34 +01:00
Dr. Gerald Yaya
5d80e48159
Correct Winget.yml Spelling ( #379 )
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
2024-06-03 17:52:55 +01:00
Avihay Eldad
78fa7b550e
Add Winfile.yml ( #374 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-23 00:02:56 +01:00
Borja
2185ade1f2
Update Msiexec.yml ( #369 )
2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f
Update Csc.yml ( #376 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f
Update Msiexec.yml ( #377 )
Fixed spelling
2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6
Applying MITRE ATT&CK v15 changes ( #370 )
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
frack113
2cc01b0113
Add Detection Sigma ref ( #368 )
2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6
Create wbadmin ( #364 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:38:21 +01:00
Avihay Eldad
aea7bd082d
Add Winproj.exe as a downloader ( #351 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca
Add MSAccess as a new downloader ( #288 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d
Adding tags ( closes #9 , #318 ) ( #362 )
* Adding various tags as a first iteration
* Adding quotes
* Adding 'Custom Format' properly
* Updating to key:value pairs
* Update template
2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be
Create Appcert.yml ( #361 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 18:56:11 +01:00
Avesta
33b9574d04
Update Tar.yml ( #310 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 14:00:57 +01:00
Avihay Eldad
65e05aa4d6
Update Te.yml ( #359 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 13:43:00 +01:00
Axel Boesenach
3aa721515b
Fix typo in /z command parameter ( #360 )
2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 ( #345 )
2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line ( #349 )
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml ( #342 )
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames ( #340 )
* Adding GitHub Actions workflow test for duplicate filenames
* Adding generic error message
* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml ( #339 )
2023-11-06 15:01:59 +01:00
pfiatde
ee78111254
Update Msiexec.yml ( #333 )
* Update Msiexec.yml
Added transform file execution
* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension ( #338 )
2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link ( #303 )
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe ( #322 )
* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project for C++ preferably (because it builds into a single DLL easily) and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd
DevTunnels - Other MS Binary for Data Exfiltration ( #327 )
* Add files via upload
* updated devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Updated Privileges
2023-10-15 00:05:54 +02:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary ( #335 )
* added addinutil lolbas binary
* updated format for lint
* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn ( #199 )
Everything looks good, confirmed working on Windows 10 & 11, merging changes:
* Added 'Execute' lolbas for iediagcmd.exe
* Added missing fields from the template
* Update Iediagcmd.yml
Made corrections
* Update Iediagcmd.yml
Removing trailing spaces
* Update Iediagcmd.yml
removing empty fields
* Minor changes
* Update Iediagcmd.yml
Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
* Adding Windows 11 support
---------
Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
Wietze
b3951952b0
Fixing command attribute on Vshadow
2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c
Renaming vshadow file
2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3
Merge remote-tracking branch 'origin/master' into fix/incorrect_date
2023-10-03 17:37:28 +01:00
Wietze
e90d795e62
Fixing incorrect category on testwindowremoteagent entry
2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49
Fixing incorrect date on testwindowremoteagent entry
2023-10-03 17:22:22 +01:00