Oddvar Moe
fa3710ede5
Rename certreq.yml to Certreq.yml
2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075
Merge pull request #75 from dtmsecurity/master
Create certreq.yml
2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb
Adjusted missing ticks in Acknowledgement
2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85
Merge pull request #66 from GoSecure/gosecure/ttdinject
Added proxy execution for ttdinject.exe
2020-08-24 09:25:29 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml
2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml
2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml
2020-08-15 00:26:35 +02:00
Oddvar Moe
4c44d039a1
Merge pull request #81 from jreegun/patch-6
Update update.yml
2020-08-15 00:24:45 +02:00
Oddvar Moe
b592be6027
Update Manage-bde.yml
Remove extra -
2020-08-15 00:17:27 +02:00
Oddvar Moe
2dabdb0840
adjusted extrac32 yml error
2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946
Merge pull request #79 from LuxNoBulIshit/master
add new use case for Extrac32.exe
2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a
Update Extrac32.yml
2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b
Create pktmon.yml
2020-08-12 22:04:03 -07:00
Reegun J
ed1e113460
Update update.yml
Hi, I have updated with new findings - Reegun
2020-08-10 11:31:48 +08:00
Tamirye
4db780e0f0
Create diantz.yml
use diantz.exe to download and compress a binary file from a remote server\internet, or use it to store a file in an Alternate Data Stream.
2020-08-08 15:09:53 +03:00
LuxNoBu!!shit
be19ca53ed
Update Extrac32.yml
2020-08-08 15:02:05 +03:00
LuxNoBu!!shit
2450b9fc0a
Update Extrac32.yml
2020-08-08 15:01:46 +03:00
LuxNoBu!!shit
3a3d28e496
Update Extrac32.yml
another use case for extrac32.
2020-08-08 14:59:15 +03:00
Chris "Lopi" Spehn
689c3b1fea
Update Regsvcs.yml
Fixed inaccurate permissions
2020-08-04 07:40:48 -06:00
Eleftherios Panos
3710c1c972
Added method for AgentExecutor
2020-07-23 13:58:30 +03:00
@dtmsecurity
aa88bf8144
Create certreq.yml
2020-07-07 21:09:06 +01:00
Maxime Nadeau
640e7f2d65
Added a Windows 10 2004 version
2020-07-03 16:59:53 -04:00
bohops
343a0e2478
Added plain explorer execution
2020-07-03 15:03:07 -04:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique
2020-07-03 14:56:06 -04:00
bohops
a976eaefe1
Updated Mitre Reference - T1096
2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd
Changed privilege level for registration
2020-07-03 10:24:34 -04:00
bohops
e316cb4842
Delete Slmgr - COM Hijacks are too broad
2020-07-03 10:15:06 -04:00
bohops
12cdb47285
Removed COM Hijack
2020-07-03 10:07:18 -04:00
bohops
17a34e27f6
Added Twitter reference for use "in-the-wild"
2020-07-03 10:03:42 -04:00
Oddvar Moe
cb3a45008e
Added regini.exe writing to registry using ADS
2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7
Adjusted some missing quotes and stuff on Desktopimgdownldr
2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67
Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml
Changed capitalization
2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41
Merge pull request #74 from Kristal-g/master
Added desktopimgdownldr.exe
2020-07-03 15:03:10 +02:00
Oddvar Moe
dac58c312f
Fixed some missing quotes and stuff on psr.exe
2020-07-03 14:59:50 +02:00
Oddvar Moe
17db28c643
Merge pull request #73 from Lemonada/master
Add psr.exe
2020-07-03 14:58:26 +02:00
Oddvar Moe
416680941d
Rename explorer.yml to Explorer.yml
Changed capitalization
2020-07-03 14:52:29 +02:00
Oddvar Moe
8bb57e1ac5
Merge pull request #72 from JPMinty/master
Create explorer.yml
2020-07-03 14:50:07 +02:00
Oddvar Moe
c31053e6bd
Merge pull request #70 from cnotin/patch-1
sqldumper: minor fix mis-typed words
2020-07-03 14:34:02 +02:00
Oddvar Moe
8ce4c1497d
Merge pull request #64 from noraj/patch-1
Download for ftp.exe
2020-07-03 14:08:32 +02:00
Oddvar Moe
794d3c04cc
Added Acknowledgement to rundll32
2020-07-03 14:03:51 +02:00
Oddvar Moe
604eb45fb4
Merge pull request #61 from MartinIngesen/master
Using rundll32 to execute dll from a SMB share
2020-07-03 14:01:12 +02:00
Kristal-g
fd01a9151a
Added desktopimgdownldr.exe
2020-07-02 20:46:05 +03:00
Lemonada
2a5a4e391d
Create Psr.yml
take screenshots of user sessions
2020-06-27 14:51:07 +03:00
JPMinty
663724523f
Update explorer.yml
2020-06-24 21:15:40 +09:30
JPMinty
dec26ada21
Create explorer.yml
2020-06-24 21:09:59 +09:30
Clément Notin
ae3d9b9b6b
sqldumper: minor fix mis-typed words
2020-06-15 23:33:34 +02:00
Maxime Nadeau
b95fb7ed27
Added the IOCs
2020-05-12 16:40:49 -04:00
Maxime Nadeau
b8b265b397
Added ttdinject
2020-05-12 16:31:47 -04:00
Maxime Nadeau
5de8d357b6
Added ttdinject.exe
2020-05-12 16:24:49 -04:00
Alexandre ZANNI
aef4b06952
Download for ftp.exe
add a non-interactive one-line command to download an arbitrary binary with ftp.exe
excessively useful on Windows XP & Windows Server 2003, where all other LOLBAS that allow download (certutils, bitsutils, etc.) don't exist and where powershell was not installed by default.
2020-04-21 23:52:22 +02:00
Oddvar Moe
9722cceb9e
Added download example to wsl.exe
2020-03-25 11:33:02 +01:00
Oddvar Moe
9f110bce07
Fixed missing octet in command
2020-03-25 11:24:54 +01:00
Oddvar Moe
6ac04d73d7
Added examples to bash.exe
2020-03-25 11:08:13 +01:00
Oddvar Moe
f2fa2ef989
Added additional example to wsl.exe
2020-03-25 10:26:59 +01:00
Chris "Lopi" Spehn
d67c8f5c11
Update RegAsm to the correct permissions
2020-03-20 11:51:21 -06:00
Martin Ingesen
e4face79af
Using rundll32 to execute dll via SMB
2020-03-18 15:20:50 +01:00
Oddvar Moe
cce7c5ce3a
Adjusted error in atbroker as per issue #47
2020-03-17 11:08:47 +01:00
Oddvar Moe
94d10799d3
Adjusted ilasm
2020-03-17 11:05:14 +01:00
Oddvar Moe
187786469c
Merge pull request #60 from LuxNoBulIshit/master
Create ilasm.yml
2020-03-17 10:57:53 +01:00
Oddvar Moe
dc3a211c89
Re-added ntdsutil
2020-03-17 10:55:59 +01:00
LuxNoBu!!shit
7a2ff4c250
Create ilasm.yml
2020-03-17 03:04:20 +02:00
Oddvar Moe
4bef10b147
adjusted rasautou and removed ntdsutil
2020-03-16 20:10:17 +01:00
Oddvar Moe
80295ef865
Merge pull request #54 from ForensicITGuy/ntdsutil
Ntdsutil & Rasautou addition
2020-03-16 20:06:54 +01:00
Oddvar Moe
81c363ac8a
Adjustment to vbc.yml contribution
2020-03-16 19:55:27 +01:00
leo1-1
c7c93e9f95
Create vbc.yml
2020-02-27 17:13:07 +02:00
Oddvar Moe
acecdcf3df
Netsh contribution from Freddie Bar-Smith - Thank you
2020-01-23 09:07:40 +01:00
Oddvar Moe
94708ac5d6
Added links to obfuscation technique from Sailay(valen) on rundll32
2020-01-23 08:57:43 +01:00
Tony M Lambert
e2f217c777
ntdsutil addition
2020-01-10 22:53:34 -06:00
Tony M Lambert
99b87fdc13
Rasautou addition
2020-01-10 22:52:15 -06:00
Oddvar Moe
ecc94c2d09
Adjusted GfxDownloadWrapper
2020-01-07 09:08:13 +01:00
Oddvar Moe
71aec7465b
Minor adjustments to GfxDownloadWrapper.yml
2020-01-07 09:03:42 +01:00
Oddvar Moe
aada926e6f
Merge pull request #52 from jesgal/patch-1
Create GfxDownloadWrapper.yml
2020-01-07 09:00:58 +01:00
Oddvar Moe
22ef6bfc63
Added additional paths to CL_MutexVerifiers.ps1 - input from @shilpeshTrivedi
2020-01-07 08:45:25 +01:00
Oddvar Moe
7030e00929
Capitalized dotnet name
2020-01-07 08:40:24 +01:00
Oddvar Moe
e1b36a25bd
Rename dotnet.yml to Dotnet.yml
2020-01-07 08:37:36 +01:00
Oddvar Moe
acd38cec9e
Merge pull request #49 from felamos/master
Create dotnet.yml
2020-01-07 08:32:35 +01:00
jesgal
c9e608ce0f
Update GfxDownloadWrapper.yml
2019-12-27 17:11:30 +01:00
jesgal
a057cf2420
Create GfxDownloadWrapper.yml
GfxDownloadWrapper.exe downloads the content returned by <URL> and writes it to the file <DESTINATION FILE PATH>. The binary is signed by "Microsoft Windows Hardware", "Compatibility Publisher", "Microsoft Windows Third Party Component CA 2012", "Microsoft Time-Stamp PCA 2010", "Microsoft Time-Stamp Service".
2019-12-27 17:02:34 +01:00
Ayush Sahay
5cb17cfb26
Create dotnet.yml
2019-12-11 15:53:12 +05:30
Oddvar Moe
94a295213e
Added Dump example to TTTracer.exe
2019-11-18 12:50:49 +01:00
Oddvar Moe
e0db5721ff
Added Dump Example to TTTracer.exe
2019-11-18 12:47:51 +01:00
Oddvar Moe
4663c13324
Adjustment
2019-11-05 15:47:20 +01:00
Oddvar Moe
8d74b3062f
Adjustment
2019-11-05 14:36:53 +01:00
Oddvar Moe
f9a7c42a85
Added TTTracer.exe - Thanks Onur Ulusoy
2019-11-05 12:12:46 +01:00
Oddvar Moe
13093c879e
Updated odbcconf.exe with discovery from @Hexacorn <3
2019-10-24 10:01:44 +02:00
Oddvar Moe
cb9fa974dd
Merge pull request #46 from felamos/patch-1
Create devtoolslauncher.yml
2019-10-07 23:56:01 +02:00
Oddvar Moe
7469812286
Update and rename devtoolslauncher.yml to Devtoolslauncher.yml
2019-10-07 23:55:44 +02:00
Oddvar Moe
8eb582de42
Update At.yml
2019-10-07 23:51:26 +02:00
Ayush Sahay
134b272567
Update devtoolslauncher.yml
2019-10-07 12:15:47 +05:30
Ayush Sahay
0fe0504622
Update devtoolslauncher.yml
2019-10-04 10:20:38 +05:30
Ayush Sahay
48ed8f7914
Create devtoolslauncher.yml
2019-10-04 09:29:59 +05:30
freddie
9f47e26f16
Adding At.exe, for submission to LOLbas list, with proof of malware using it in the wild :O
2019-09-21 03:19:25 +01:00
Oddvar Moe
32757cd0c3
Added Office binaries from jreegun to the project. Pull request 42
2019-09-17 22:58:03 +02:00
Oddvar Moe
0644ac30d7
Added Office binaries from jreegun to the project. Pull request 42
2019-09-17 22:44:27 +02:00
Oddvar Moe
ed266c0983
Fixed some typos
2019-09-17 20:45:49 +02:00
Oddvar Moe
8762fc5735
Acknowledgement fix for comsvcs
2019-09-16 09:50:01 +02:00
Oddvar Moe
4ebf1ac4f7
Adjusted case sensitive type in yml file for Comsvcs
2019-09-16 09:44:14 +02:00
Oddvar Moe
11c6c7c48d
Adjusted
2019-09-16 09:38:05 +02:00
plowsec
dd5df7cf3e
Add Comsvcs.yml: dump lsass via signed DLL.
2019-08-30 14:12:46 +02:00
Oddvar Moe
5b63815c0a
Updated update and squirrel with updaterollback parameter
2019-07-02 09:06:19 +02:00
Oddvar Moe
8fcc9a105a
Fixed spacing error
2019-06-28 18:07:24 +02:00
Oddvar Moe
8528caf21d
Added Acknowledgement to wsl.exe
2019-06-28 18:05:34 +02:00
Oddvar Moe
f77b3b4019
Fixed spacing issue
2019-06-28 17:53:45 +02:00
Oddvar Moe
dd545693da
Merge pull request #40 from NotoriousRebel/master
Create Wsl.yml
2019-06-28 17:50:13 +02:00
NotoriousRebel
ff0155f599
Moved Wsl.yml location to OtherMSBinaries and added another example for possible use cases.
2019-06-28 09:20:56 -04:00
Oddvar Moe
e05ae6c051
Adjusted Update and Squirrel
2019-06-28 09:05:27 +02:00
Oddvar Moe
3be3e5f3f8
Added link to reegun blog
2019-06-28 08:48:41 +02:00
NotoriousRebel
ff7dd5893b
Added Wsl.yml
2019-06-27 15:39:12 -04:00
Oddvar Moe
b284e46763
Added example to wscript
2019-06-27 17:27:31 +02:00
Oddvar Moe
087b6367ca
Fixed missing ---
2019-06-27 17:21:41 +02:00
Oddvar Moe
60f55ee597
Adjusted Squirrel and Update
2019-06-27 17:12:23 +02:00
Oddvar Moe
1c42f7004a
Adjusted update.yml
2019-06-27 17:01:34 +02:00
Oddvar Moe
9ce9d8bc78
Merge pull request #38 from jreegun/patch-1
Create squirrel.yml
2019-06-27 16:46:11 +02:00
jreegun
307c77fa4d
Create update.yml
2019-06-27 20:26:24 +08:00
jreegun
c96d22b345
Create squirrel.yml
2019-06-27 20:22:35 +08:00
Oddvar Moe
d26c01fa45
Reverted back
2019-06-27 13:49:52 +02:00
Oddvar Moe
6338ac77a0
Remove % from Update.yml
2019-06-27 13:46:40 +02:00
Oddvar Moe
da3b619651
Adjusted new contributions
2019-06-27 13:42:06 +02:00
Oddvar Moe
a92b0e4d15
Adjusted new contributions
2019-06-27 13:41:07 +02:00
Oddvar Moe
285e4d78d8
Adjusted new contributions
2019-06-27 13:40:03 +02:00
Oddvar Moe
95e37b7cbf
Merge pull request #36 from yeyintminthuhtut/master
Cmd.exe ADS
2019-06-27 13:02:40 +02:00
Mr.Un1k0d3r
7ed8fb4d06
Create Teams-update.yml
2019-06-26 14:12:02 -04:00
r0lan
fb5f164827
Cmd.exe ADS
2019-06-26 18:33:11 +08:00
Bart
a511624f40
Create RunCmd_X64.yml
2019-06-08 19:55:06 +01:00
Oddvar Moe
f7748a08cc
added Jsc.exe - Thanks @DissectMalware
2019-05-31 13:56:55 +02:00
Oddvar Moe
106c359687
added Jsc.exe - Thanks @DissectMalware
2019-05-31 13:53:43 +02:00
Eli Salem
a7b6d2aad2
Add aswrundll.exe non-Microsoft lolbin
2019-03-20 10:53:11 +02:00
Oddvar Moe
17e541f8c0
Added wsreset.exe - UAC bypass
2019-03-18 08:44:53 +01:00
bohops
8806a9e0ee
Added VSS use case
2019-02-12 08:15:55 -05:00
Oddvar Moe
69795dca7e
Added fixes from https://github.com/sagishahar, typos in wmic and extexport
2019-02-01 18:38:35 +01:00
Santiago Bruno
cc8288c7d5
Fixing some typos
2019-01-28 13:39:23 -03:00
Oddvar Moe
a0136a78cd
Typo in command - fixed
2019-01-24 11:52:25 +01:00
Oddvar Moe
92bcd8cfd8
added new example to certutil from egre55
2019-01-24 10:40:45 +01:00
Santiago Bruno
1a01ec5100
Merge branch 'master' of https://github.com/sbruno/LOLBAS
2019-01-23 20:07:22 -03:00
Santiago Bruno
64623edd6e
Renaming Ie4unit.yml as Ie4uinit.yml since this is the correct binary name
2019-01-23 20:06:16 -03:00
Santiago Bruno
7252652920
replacing ie4unit occurrences with ie4uinit
2019-01-23 20:04:12 -03:00
Oddvar Moe
3371628d0b
Converted pull request from keepwatch into yml format. Original request here: https://github.com/LOLBAS-Project/LOLBAS/pull/19 - Thanks for contributing
2018-12-12 12:56:53 +01:00
Oddvar Moe
aba9538581
minor changes to Eventvwr
2018-12-12 12:50:27 +01:00
Oddvar Moe
d827dfba1f
Merge pull request #22 from eSentire/master
Eventvwr.exe UAC bypass
2018-12-12 12:45:35 +01:00
Oddvar Moe
7addc14d7f
Update Eventvwr.yml
Category change
2018-12-12 12:45:05 +01:00
Oddvar Moe
57b348fb03
Added AWL Bypass to msdeploy
2018-12-12 12:34:59 +01:00
dave5623
889e86be04
Update Sqlps.yml
Minor Typo Fix
2018-12-11 09:38:39 -05:00
Maverick
99d1eed476
Correct wrongly attributed twitter handle
- it should be *Moriarty_Meng* instead of *moriarty2016*
2018-12-10 21:26:33 +01:00
Oddvar Moe
1af009d707
Added example to DFSVC - Thanks to PolarBearGod
2018-12-10 18:45:41 +01:00
Oddvar Moe
c9b4b244fa
Added ftp.exe
2018-12-10 15:03:30 +01:00
Oddvar Moe
04d193ccfa
Minor typo in Runscripthelper.exe
2018-12-10 14:38:48 +01:00
Oddvar Moe
94368c1e69
Major changes to Web portal - Small fixes to source files to adjust
2018-12-10 14:28:12 +01:00
bohops
2b77add5b4
Update Mmc.yml
2018-12-04 19:38:17 -05:00
bohops
931ea67ce4
Update Mmc.yml
2018-12-04 19:35:52 -05:00
bohops
838f2c9a49
Create Mmc.yml
2018-12-04 19:35:26 -05:00
bohops
cb1db201b8
Create Verclsid.yml
2018-12-04 19:26:34 -05:00
bohops
ef2b253227
Update Xwizard.yml
2018-12-04 19:09:42 -05:00
bohops
34b1287f10
Added rundll32 -sta COM server execution
2018-12-04 18:59:08 -05:00
Jacob Gajek
fd44373927
Eventvwr.exe UAC bypass
2018-11-01 15:20:09 -04:00
Oddvar Moe
60874f9754
Changed from non-existing category persistence to execute
2018-10-25 21:35:37 +02:00
Oddvar Moe
a61d2586cf
Errors in YAML files corrected
2018-10-25 21:24:55 +02:00
Oddvar Moe
550263cd1e
Removed MD files, we only use the webportal from now on. All MD files moved to archive
2018-10-25 18:31:11 +02:00
xenoscr
d6fe95fe98
Adding Microsoft.Workflow.Compiler.exe and payload examples.
2018-10-24 22:48:45 -04:00
Ossi Väänänen
31d7b4aa77
Failed to RTFM -- removed .md, added .yml
2018-10-24 11:55:52 +03:00
Conor Richard
c103cb3677
Adding 'Execute' categories to existing 'AWL Bypass' binaries.
2018-10-05 15:06:01 -04:00
bohops
6381da333c
Added Acknowledgement
2018-10-04 10:08:21 -04:00
bohops
783b4f3d9f
Added AWL Bypass
2018-10-04 10:07:02 -04:00
bohops
f8e9ac5a0a
Fixed a few categories
2018-09-26 10:33:52 -04:00
Oddvar Moe
bac3b9e56c
Update scripts with new template. Fixed mgmt script for webportal. Adjustments to existing yml files
2018-09-26 11:41:58 +02:00
Oddvar Moe
d48273583e
Changed alternate data stream to ADS as category
2018-09-26 09:34:01 +02:00
Oddvar Moe
7961a99173
minor adjustments
2018-09-25 02:33:38 +02:00
Oddvar Moe
f8fec9849b
Minor adjustments to be yaml compliant
2018-09-24 23:18:00 +02:00
Oddvar Moe
37cc1ee83e
Changed all OSBinaries according to the new template
2018-09-24 21:59:43 +02:00
bohops
68884a4c13
Update Zipfldr.yml
2018-09-24 14:36:13 -04:00
bohops
679a8a66bb
Update Url.yml
2018-09-24 14:35:06 -04:00
bohops
d045db1755
Update Url.yml
2018-09-24 14:34:40 -04:00
bohops
9c3dbada06
Update Setupapi.yml
2018-09-24 14:32:16 -04:00
bohops
ceebe9a9b9
Update Shdocvw.yml
2018-09-24 14:31:32 -04:00
bohops
c7925f613f
Update Shell32.yml
2018-09-24 14:30:52 -04:00
bohops
2a79b98b6a
Update Syssetup.yml
2018-09-24 14:29:33 -04:00
bohops
2c9043a8fe
Update Shell32.yml
2018-09-24 14:26:49 -04:00
bohops
e618d6eeb0
Update Shdocvw.yml
2018-09-24 14:08:10 -04:00
bohops
bd6580eee8
Update Setupapi.yml
2018-09-24 14:04:31 -04:00
bohops
6128b4ea62
Update Pcwutl.yml
2018-09-24 14:02:23 -04:00
bohops
d7fd801a4d
Update Mshtml.yml
2018-09-24 13:54:07 -04:00
bohops
46cee0e239
Update Advpack.yml
2018-09-24 13:52:23 -04:00
bohops
93a2dcc4c4
Update Ieadvpack.yml
2018-09-24 13:51:19 -04:00
bohops
42bcafa0ff
Update Ieframe.yml
2018-09-24 13:50:33 -04:00
bohops
3d7716bc14
Update Ieadvpack.yml
2018-09-24 13:49:04 -04:00
bohops
f9d4581396
Update Advpack.yml
2018-09-24 13:42:17 -04:00
bohops
26f5d809c4
Update Advpack.yml
2018-09-23 22:29:44 -04:00
bohops
b330d43116
Changed to latest template
2018-09-23 22:23:04 -04:00
Oddvar Moe
adafa6de3f
Update readme, began updating OSBins with new template
2018-09-24 01:50:14 +02:00
Conor Richard
e8c7042468
Removing duplicate file
2018-09-21 23:20:32 -04:00
Conor Richard
4335223a8b
Moving non-MS script to LOLUtilz, archive
2018-09-21 23:19:05 -04:00
Conor Richard
58e88b98f9
Completed template update of OtherMSBinaries
2018-09-21 22:58:00 -04:00
Conor Richard
95dc80b8cd
Updated yml for: appvlp and bginfo.
2018-09-18 23:06:22 -04:00
Conor Richard
3266cb4d46
Testing new template display
2018-09-18 22:35:46 -04:00
Oddvar Moe
c949e100bd
MD files generated from script, and adjustments to readme
2018-09-14 15:48:52 +02:00