hegusung 
							
						 
					 
					
						
						
							
						
						57e5e0d712 
					 
					
						
						
							
							Update Sqlps.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute Powershell 
						
						
					 
					
						2024-10-13 22:26:03 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						fa2ded3a97 
					 
					
						
						
							
							Update Remote.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute EXE
Execute Remote 
						
						
					 
					
						2024-10-13 22:24:35 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						c6753c4b2d 
					 
					
						
						
							
							Update Rcsi.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute: Csharp 
						
						
					 
					
						2024-10-13 22:23:27 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						7b7c58b2d1 
					 
					
						
						
							
							Update OpenConsole.yml Tags  
						
						... 
						
						
						
						Added Tags:
- Execute: EXE 
						
						
					 
					
						2024-10-13 22:21:46 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						f9ea58c0e2 
					 
					
						
						
							
							Update Msxsl.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute: XSL
Execute: Remote 
						
						
					 
					
						2024-10-13 22:20:50 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						2e922f4099 
					 
					
						
						
							
							Update Msdeploy.yml Tags  
						
						... 
						
						
						
						Added Tags
Execute: CMD 
						
						
					 
					
						2024-10-13 22:19:15 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						e839f4bbbe 
					 
					
						
						
							
							Update Microsoft.NodejsTools.PressAnyKey.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute EXE 
						
						
					 
					
						2024-10-13 22:18:12 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						5f2bc7efc2 
					 
					
						
						
							
							Update Mftrace.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute: EXE 
						
						
					 
					
						2024-10-13 22:15:53 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						a5ede4597c 
					 
					
						
						
							
							Update FsiAnyCpu.yml tags  
						
						... 
						
						
						
						Added Tags:
Execute Fsharp 
						
						
					 
					
						2024-10-13 22:14:57 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						bc80d35981 
					 
					
						
						
							
							Update Fsi.yml tags  
						
						... 
						
						
						
						Added Tags:
Execute Fsharp 
						
						
					 
					
						2024-10-13 22:14:09 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						e2d2633470 
					 
					
						
						
							
							Update Dxcap.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute EXE 
						
						
					 
					
						2024-10-13 22:10:39 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						b24f3ab6ab 
					 
					
						
						
							
							Update Dotnet.yml tags  
						
						... 
						
						
						
						Added Tags:
Execute: .NetDLL
Execute: Fsharp
Execute: CSProj 
						
						
					 
					
						2024-10-13 22:09:40 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						bd6667bc9a 
					 
					
						
						
							
							Update Dnx.yml Tags  
						
						... 
						
						
						
						Added Tag:
Execute C# 
						
						
					 
					
						2024-10-13 22:07:27 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						1ba7b664e3 
					 
					
						
						
							
							Update Devtoolslauncher.yml Tags  
						
						... 
						
						
						
						Added Tags
- Execute EXE 
						
						
					 
					
						2024-10-13 22:03:26 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						6e9faa63da 
					 
					
						
						
							
							Update Devinit.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute MSI
Execute Remote 
						
						
					 
					
						2024-10-13 22:02:22 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						eb3afc669e 
					 
					
						
						
							
							Update DefaultPack.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute EXE 
						
						
					 
					
						2024-10-13 22:01:33 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						83c34ff627 
					 
					
						
						
							
							Update Csi.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute: C# 
						
						
					 
					
						2024-10-13 21:56:45 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						edf0105284 
					 
					
						
						
							
							Update Coregen.yml Tags  
						
						... 
						
						
						
						Added Execute: DLL tag 
						
						
					 
					
						2024-10-13 21:43:38 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						37eaa488d1 
					 
					
						
						
							
							Update Cdb.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute: CMD
Execute: Shellcode 
						
						
					 
					
						2024-10-13 21:42:37 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						351a3bcac6 
					 
					
						
						
							
							Update Bginfo.yml Tags  
						
						... 
						
						
						
						Added Tag:
Execute: Remote 
						
						
					 
					
						2024-10-13 21:36:52 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						e4f73cfafa 
					 
					
						
						
							
							Update Appvlp.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute CMD
Execute EXE 
						
						
					 
					
						2024-10-13 21:35:16 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						f4cd4d0bd1 
					 
					
						
						
							
							Update Appcert.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute EXE
Execute MSI 
						
						
					 
					
						2024-10-13 21:25:16 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						8fc6995678 
					 
					
						
						
							
							Update Agentexecutor.yml Tags  
						
						... 
						
						
						
						Added Tags:
Execute Powershell
Execute EXE 
						
						
					 
					
						2024-10-13 21:23:22 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						a01bab762e 
					 
					
						
						
							
							Update Adplus.yml Tags  
						
						... 
						
						
						
						Changed Tags:
- Execute CMD
- Execute EXE 
						
						
					 
					
						2024-10-13 21:21:32 +02:00 
						 
				 
			
				
					
						
							
							
								hegusung 
							
						 
					 
					
						
						
							
						
						16d84e33e6 
					 
					
						
						
							
							Update AccCheckConsole.yml Tags  
						
						... 
						
						
						
						Changed DLL to .NetDLL 
						
						
					 
					
						2024-10-13 21:17:55 +02:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						f69b8abae1 
					 
					
						
						
							
							Removing empty resource sections  
						
						
						
						
					 
					
						2024-10-02 01:55:22 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						7e171658dd 
					 
					
						
						
							
							Remove broken imgur link  
						
						
						
						
					 
					
						2024-10-02 01:20:22 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						55d84345ac 
					 
					
						
						
							
							Adding <version> placeholder to Vshadow  
						
						
						
						
					 
					
						2024-10-01 23:45:18 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						39a7120d40 
					 
					
						
						
							
							Adding Windows file path validation for values of File_Path ( #403 )  
						
						
						
						
					 
					
						2024-10-01 23:14:19 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						d8402e6651 
					 
					
						
						
							
							Add VSLaunchBrowser.yml ( #367 )  
						
						
						
						
					 
					
						2024-10-01 22:37:11 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						bfa71cc57e 
					 
					
						
						
							
							Add DTUtil.yml ( #382 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-09-07 15:16:04 +01:00 
						 
				 
			
				
					
						
							
							
								p4yl0ad 
							
						 
					 
					
						
						
							
						
						cfd827fe6d 
					 
					
						
						
							
							Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml ( #392 )  
						
						
						
						
					 
					
						2024-09-07 15:07:46 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						d5d11f47a1 
					 
					
						
						
							
							Add Xsd.yml ( #366 )  
						
						
						
						
					 
					
						2024-08-17 22:18:59 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						da4f6e5407 
					 
					
						
						
							
							Update Msdeploy.yml and add copy utility ( #354 )  
						
						
						
						
					 
					
						2024-07-15 20:53:17 +01:00 
						 
				 
			
				
					
						
							
							
								Nathan 
							
						 
					 
					
						
						
							
						
						70268a5a9f 
					 
					
						
						
							
							fix parameter typo for squirrel.exe ( #383 )  
						
						
						
						
					 
					
						2024-07-12 18:49:30 +01:00 
						 
				 
			
				
					
						
							
							
								unrooted 
							
						 
					 
					
						
						
							
						
						03b527b105 
					 
					
						
						
							
							Update wsl.exe description ( #378 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-06-06 23:42:25 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						35148cc39e 
					 
					
						
						
							
							Add Visio.exe as a downloader ( #356 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-06-05 23:50:25 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						78fa7b550e 
					 
					
						
						
							
							Add Winfile.yml ( #374 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-05-23 00:02:56 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						2cc0ee99e6 
					 
					
						
						
							
							Applying MITRE ATT&CK v15 changes ( #370 )  
						
						... 
						
						
						
						https://attack.mitre.org/resources/updates/updates-april-2024/  
					
						2024-04-24 15:10:59 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						aea7bd082d 
					 
					
						
						
							
							Add Winproj.exe as a downloader ( #351 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-04-05 19:19:49 +01:00 
						 
				 
			
				
					
						
							
							
								C-h4ck-0 
							
						 
					 
					
						
						
							
						
						3c826ab1ca 
					 
					
						
						
							
							Add MSAccess as a new downloader ( #288 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-04-05 19:18:57 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						ebbf08ec4d 
					 
					
						
						
							
							Adding tags ( closes   #9 ,  #318 ) ( #362 )  
						
						... 
						
						
						
						* Adding various tags as a first iteration
* Adding quotes
* Adding 'Custom Format' properly
* Updating to key:value pairs
* Update template 
						
						
					 
					
						2024-04-03 11:53:36 -04:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						a945bac6be 
					 
					
						
						
							
							Create Appcert.yml ( #361 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-03-31 18:56:11 +01:00 
						 
				 
			
				
					
						
							
							
								Avihay Eldad 
							
						 
					 
					
						
						
							
						
						65e05aa4d6 
					 
					
						
						
							
							Update Te.yml ( #359 )  
						
						... 
						
						
						
						Co-authored-by: Wietze <wietze@users.noreply.github.com > 
						
						
					 
					
						2024-03-31 13:43:00 +01:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						80267d91dd 
					 
					
						
						
							
							Adding GitHub Actions workflow test for duplicate filenames ( #340 )  
						
						... 
						
						
						
						* Adding GitHub Actions workflow test for duplicate filenames
* Adding generic error message
* Deduping fsutil.exe and teams.exe 
						
						
					 
					
						2023-11-07 20:55:24 -05:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						760151b598 
					 
					
						
						
							
							Fixing yml files with .yaml extension ( #338 )  
						
						
						
						
					 
					
						2023-10-19 17:17:15 +01:00 
						 
				 
			
				
					
						
							
							
								frack113 
							
						 
					 
					
						
						
							
						
						4f83231697 
					 
					
						
						
							
							Update old sigma link ( #303 )  
						
						... 
						
						
						
						* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com >
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com > 
						
						
					 
					
						2023-10-18 11:30:34 -04:00 
						 
				 
			
				
					
						
							
							
								Onat Uzunyayla 
							
						 
					 
					
						
						
							
						
						7aba6fb550 
					 
					
						
						
							
							Create vstest.console.exe ( #322 )  
						
						... 
						
						
						
						* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added 
						
						
					 
					
						2023-10-18 11:28:04 -04:00 
						 
				 
			
				
					
						
							
							
								Kamran Saifullah - Frog Man 
							
						 
					 
					
						
						
							
						
						b13eb6f4fd 
					 
					
						
						
							
							DevTunnels - Other MS Binary for Data Exfiltration ( #327 )  
						
						... 
						
						
						
						* Add files via upload
* updated devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Updated Priviliges 
						
						
					 
					
						2023-10-15 00:05:54 +02:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						b3951952b0 
					 
					
						
						
							
							Fixing command attribute on Vshadow  
						
						
						
						
					 
					
						2023-10-03 17:41:18 +01:00