316 Commits

Author SHA1 Message Date
bohops
198b421d15
Merge pull request #130 from whickey-r7/patch-3
Create IMEWDBLD.yml
2021-09-25 22:07:23 -04:00
John Lambert
ecbc2f817f
Add lolbin for fltMC.exe
Used by red teams for defense evasion to disable drivers used by agents like sysmon

https://www.darkoperator.com/blog/2018/10/5/operating-offensively-against-sysmon
https://github.com/oddcod3/Phantom-Evasion/blob/master/Modules/post-exploitation/Postex_CMD_UnloadSysmonDriver_windows.py
2021-09-18 17:43:59 -07:00
Ruben
bb73c013fb
Update Finger.yml
Fixed header and footer
2021-08-30 13:30:52 +02:00
Rubén
670a5f1870 Create Finger.exe 2021-08-30 13:16:08 +02:00
Elliot Killick
6e047908a4
Create OneDriveStandaloneUpdater.yml 2021-08-28 05:16:35 -04:00
Elliot Killick
02207882f6
Create cmdl32.yml 2021-08-28 00:55:50 -04:00
Elliot Killick
3b1fd0ea8e
Create SettingSyncHost.yml 2021-08-26 13:35:15 -04:00
Elliot Killick
692a3bf4c2
Remove .exe from command and increase specificity 2021-08-26 12:49:43 -04:00
Elliot Killick
34af96f564
Remove .exe from command 2021-08-26 12:21:34 -04:00
Elliot Killick
084fb83984
Remove .exe from command and increase specificity 2021-08-26 12:07:04 -04:00
bohops
f51a70c03e
Merge pull request #143 from Efraim-Kaplan/patch-1
Fixed Typo
2021-08-26 09:08:40 -04:00
Elliot Killick
d521284bb9
Create DeviceCredentialDeployment.yml 2021-08-16 20:21:48 -04:00
Elliot Killick
26a15f55cf
Create OfflineScannerShell.yml 2021-08-16 19:46:47 -04:00
Elliot Killick
95baee85fd
Create WorkFolders.yml 2021-08-16 19:42:32 -04:00
Elliot Killick
5ba729ee1d
Create fsutil.yml 2021-08-16 19:37:37 -04:00
Elliot Killick
63af8cca3b
Add resources section and improve formatting 2021-07-10 11:54:35 -04:00
Josh Brower
87c3319ad4
Fix ART link 2021-07-06 13:56:24 -04:00
Efraim-Kaplan
ebf494ae4d
Fixed typo
Replaced "handeling" with "handling".
2021-07-02 17:33:53 -04:00
Elliot Killick
8f705bb7a4
Create PrintBrm.yml
New lolbin for zipping & unzipping to and from UNC paths and ADS. The zip file could also serve as a useful form of obfuscation for evading detection.
2021-06-22 02:11:27 +00:00
Parker McGee
bbf14cf4b9
Fix a typo in Findstr.yml
`finstr.exe` should be `findstr.exe`
2021-03-20 16:40:37 -04:00
whickey-r7
782bc68c7c
Create IMEWDBLD.yml 2021-03-05 11:35:06 -05:00
Oddvar Moe
7c1a4a7959
Merge pull request #125 from wokis/master
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
2021-01-21 22:58:24 +01:00
Oddvar Moe
b79a48f082 Fixed Category on pnputil 2021-01-21 22:54:58 +01:00
Oddvar Moe
2406d99f33
Rename pnputil.yml to Pnputil.yml
Casing
2021-01-21 22:49:19 +01:00
Oddvar Moe
64914b641c Adjusted error on pnputil yml file 2021-01-21 22:48:05 +01:00
Oddvar Moe
5b9c4f63dc
Merge pull request #118 from LuxNoBulIshit/master
Pnputil.exe
2021-01-21 22:42:40 +01:00
Oddvar Moe
394d3c66f9
Merge pull request #112 from zeroSteiner/patch-1
Update the affected operating systems for SyncAppvPublishingServer
2021-01-21 22:35:50 +01:00
Oddvar Moe
97176a0a07
Merge pull request #110 from whickey-r7/patch-2
Create AppInstaller.yml
2021-01-21 22:29:35 +01:00
Oddvar Moe
6774d228a5
Merge pull request #109 from unexpectedBy/patch-2
Create DataSvcUtil.yml
2021-01-21 22:24:02 +01:00
wokis
00935f154e
Update Wsreset.yml
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
2021-01-20 14:47:23 +01:00
Wietze
5012f95152
Fix Code_Sample field 2021-01-10 15:49:30 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html) 2021-01-10 15:04:52 +00:00
LuxNoBu!!shit
0d819439c5
Create pnputil.exe 2020-12-25 12:14:15 -08:00
Spencer McIntyre
deb249042b
Update the affected operating systems for SyncAppvPublishingServer 2020-12-08 15:32:35 -05:00
whickey-r7
b381d04faf
Create AppInstaller.yml
New lolbin for downloading files in Windows 10.
2020-12-02 11:35:49 -05:00
unload
bfe248b07e
Create DataSvcUtil.yml
Another data exfil way with lolbins
2020-12-01 22:57:09 -03:00
Nasreddine Bencherchali
15d5ff302d
Create Dllhost.yml 2020-11-07 14:22:24 +01:00
Conor Richard
d15172284a
Merge pull request #101 from leo1-1/master
added command to certutil
2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70
Update Certutil.yml 2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b
Delete certutil.yml 2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479
Update Certutil 2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e
changed path 2020-10-26 08:22:58 +02:00
Conor Richard
9a83179ddd
Merge pull request #99 from dtmsecurity/master
Create Wuauclt.yml
2020-10-24 22:29:34 -04:00
Conor Richard
04c0e7ee38
Update Explorer.yml
Fixing alignment in Acknowledgement section
2020-10-22 22:00:05 -04:00
Conor Richard
4f19dbba19
Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass
Update MpCmdRun.yml
2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3
Merge pull request #92 from whickey-r7/patch-1
Update Xwizard.yml
2020-10-22 20:57:55 -04:00
Conor Richard
9a6309d8de
Update ConfigSecurityPolicy.yml
Added link to Tweet from author containing an example usage.
2020-10-22 20:38:50 -04:00
@dtmsecurity
651e156583
Create Wuauclt.yml 2020-10-12 19:24:45 +01:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker.
2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b
Update Xwizard.yml
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
2020-09-16 16:34:47 +00:00