| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| securepeacock | 68c14b894c | Update UtilityFunctions.yml (#228) | 2022-09-02 18:42:59 +01:00 |
| Wietze | e1df4e9f83 | Merge remote-tracking branch 'upstream/master' into windows_11_sprint | 2022-09-02 17:23:45 +01:00 |
| Oddvar Moe | c5c227a7ba | added sigma detection for pester | 2022-09-02 17:18:24 +01:00 |
| Oddvar Moe | 5a38aa722f | Adjusted comment in command | 2022-09-02 17:18:24 +01:00 |
| Oddvar Moe | 4b99cadd85 | Update pester.bat with an additional example | 2022-09-02 17:18:23 +01:00 |
| Wietze | 400158f2df | Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries (#221) | 2022-09-02 17:16:58 +01:00 |
| Grzegorz Tworek | 9b70f38986 | Create Ldifde.yml | 2022-08-31 17:58:30 +02:00 |
| Oddvar Moe | 68a6f0a35f | added sigma detection for pester | 2022-08-24 12:32:48 +02:00 |
| 721574n | 4b564464fd | Added external reference for Rundll32 | 2022-08-24 12:11:31 +02:00 |
| Oddvar Moe | c53a8ea06e | Adjusted comment in command | 2022-08-23 15:47:17 +02:00 |
| Oddvar Moe | fdc1b2c827 | Update pester.bat with an additional example | 2022-08-23 15:44:57 +02:00 |
| fslds | da469d0652 | Doc update | 2022-08-08 20:40:26 +00:00 |
| fslds | 3162825fdc | Split procdump name pattern into two actual names. | 2022-08-08 20:27:04 +00:00 |
| fslds | 55111b05b2 | punctuation | 2022-08-08 20:22:58 +00:00 |
| fslds | fbff11e632 | Added explanatory comments | 2022-08-08 20:20:08 +00:00 |
| fslds | c67eaec5cf | Adding aliases key to YAML template | 2022-08-08 20:18:04 +00:00 |
| Oddvar Moe | 8283d8d915 | Delete Dllhost.yml https://twitter.com/0gtweet/status/1533804788038647808 | 2022-06-09 10:51:40 +02:00 |
| frack113 | 91350057ce | Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries (#221) | 2022-06-04 11:50:35 +01:00 |
| Wietze | 539c1da0fa | Merge branch 'master' into windows_11_sprint | 2022-05-25 09:25:42 +01:00 |
| Chris "Lopi" Spehn | 0dc56e9148 | Merge pull request #220 from tsale/patch-1 Update Hh.yml | 2022-05-24 17:33:07 -06:00 |
| Kostas | 314f585da9 | Update Hh.yml Added SysWoW64 Path | 2022-05-24 15:29:03 -07:00 |
| Kostas | aae794c59c | Update Hh.yml Fixing the full path of the hh.exe binary to C:\Windows\hh.exe | 2022-05-24 14:23:18 -07:00 |
| Wietze | 7797a1967c | Merge branch 'master' into windows_11_sprint | 2022-05-24 08:38:50 +01:00 |
| frack113 | f85eeb748a | Add Sigma references to conhost, imewdbld, ie4uinit, ilasm, offlinescannershell and replace (#219) | 2022-05-23 12:35:58 +01:00 |
| Chris "Lopi" Spehn | 36945392ca | Merge pull request #201 from wietze/new/Conhost Adding Conhost.exe LOLBAS | 2022-05-19 10:27:10 -06:00 |
| Chris "Lopi" Spehn | e872ce028b | Merge pull request #214 from jstnk9/master Added new sigma rule and references to desk.cpl | 2022-05-19 10:21:21 -06:00 |
| Chris "Lopi" Spehn | 82f19b22e7 | Merge pull request #217 from ManuelBerrueta/master Updated yml/OtherMSBinaries/Sqlps.yml, used recently in a campaign sh… | 2022-05-19 10:19:22 -06:00 |
| ManuelBerrueta | 68b772a567 | Updated yml/OtherMSBinaries/Sqlps.yml, used recently in a campaign shared my Microsoft Security Intelligence. Would be useful reference for Red Teamers/Offensive Security Engineers as well as Blue Teamers/Defenders who reference this open source project/library. | 2022-05-19 07:12:37 -07:00 |
| Chris "Lopi" Spehn | 3ce3ec6656 | Merge pull request #216 from TactiKoolSec/master Added entry for rdrleakdiag.exe process dumping lolbas | 2022-05-19 07:32:58 -06:00 |
| John Dwyer | 90b6082f1d | Update Rdrleakdiag.yml | 2022-05-19 13:30:11 +00:00 |
| John Dwyer | e2493d8ccf | Detection Resources and Other Updates (LOLBAS-Project#84) https://github.com/LOLBAS-Project/LOLBAS/issues/84 | 2022-05-18 19:00:26 +00:00 |
| John Dwyer | d935f096fd | Added rdrleakdiag dump Added yaml for rdrleakdiag process dumping capability | 2022-05-18 18:58:04 +00:00 |
| frack113 | d1738b946b | Adding various Sigma references (#213) Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2022-05-17 09:18:45 +01:00 |
| bohops | 3571a7ad88 | Create AccCheckConsole.yml (#187) | 2022-05-15 21:55:16 +01:00 |
| mrd0x | 7c2f3231d3 | Adding Dump64.exe (#182) Co-authored-by: mrd0x <mrd0x@example.com> Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2022-05-15 21:21:45 +01:00 |
| Wietze | b333db4f91 | Fixing typo (ieaframe -> ieframe) | 2022-05-15 21:06:33 +01:00 |
| akshat pradhan | 79f4cbdb7f | Changed tid to T1105 for downloads (#195) | 2022-05-15 20:38:24 +01:00 |
| jstnk9 | 00bc9177bd | Added new sigma rule and references Added new sigma rule and references | 2022-05-15 16:42:44 +02:00 |
| Wietze | 2b20998371 | Remove redundant powershell command from comsvcs entry | 2022-05-05 11:18:39 +01:00 |
| Wietze | b92ee99627 | Addressing @bohops's feedback | 2022-05-05 11:12:22 +01:00 |
| bohops | d93539bf9b | Quick fix for syntax and removed IOC | 2022-04-29 23:06:41 -04:00 |
| cr1sp4 | 666e6e8645 | Update Desk.yml (#210) Added Sigma rules. | 2022-04-29 22:52:57 -04:00 |
| Wietze | 619aafbfa2 | Adding extra contributor to Desk.cpl entry | 2022-04-28 13:01:35 +01:00 |
| Wietze | 4a8bdf4844 | Fix casing on Desk.cpl entry | 2022-04-27 11:20:13 +01:00 |
| LuxNoBu!!shit | 6ed0fb9326 | Create Desk.cpl (#207) Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2022-04-27 11:15:15 +01:00 |
| Wietze | e4261b1f02 | Fixing typo | 2022-04-26 16:59:14 +01:00 |
| Wietze | 5c46dd63f5 | Giving Hexacorn the proper credit | 2022-04-07 15:50:39 +01:00 |
| Wietze | 4df2e43c82 | Adding Conhost.exe LOLBAS | 2022-04-05 18:46:58 +01:00 |
| Wietze | 55a7ea9a81 | Fixing wlrmdr entry | 2022-02-16 21:02:24 +00:00 |
| Moshe Kaplan | 12c85eb8f0 | Create wlrmdr.yml (#194) Co-authored-by: Wietze <wietze@users.noreply.github.com> | 2022-02-16 20:41:14 +00:00 |