public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 04:32:24 +02:00
Code Issues Projects Releases Wiki Activity
812 Commits 4 Branches 0 Tags
5927125030fe07e8626a1527f184385286092aa0
Commit Graph

636 Commits

Author SHA1 Message Date
frack113
2cc01b0113 Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6 Create wbadmin (#364) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:38:21 +01:00
Avihay Eldad
aea7bd082d Add Winproj.exe as a downloader (#351) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca Add MSAccess as a new downloader (#288) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d Adding tags (closes #9, #318) (#362) 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
 2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be Create Appcert.yml (#361) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 18:56:11 +01:00
Avesta
33b9574d04 Update Tar.yml (#310) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 14:00:57 +01:00
Avihay Eldad
65e05aa4d6 Update Te.yml (#359) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 13:43:00 +01:00
Axel Boesenach
3aa721515b Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4 Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a Moved text to correct line (#349) 
Moved "and show response in terminal" from `Command` to `Description`
 2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a TypoFix: Addinutil.yml (#342) 
Small typo fix:
serliaized -> serialized
 2024-02-13 13:37:40 +00:00
Wietze
80267d91dd Adding GitHub Actions workflow test for duplicate filenames (#340) 
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
 2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
pfiatde
ee78111254 Update Msiexec.yml (#333) 
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
 2023-11-06 13:47:04 +01:00
Wietze
760151b598 Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697 Update old sigma link (#303) 
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550 Create vstest.console.exe (#322) 
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
 2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd DevTunnels - Other MS Binary for Data Exfiltration (#327) 
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Priviliges
 2023-10-15 00:05:54 +02:00
SILJAEUROPA
fa3b5ed33c added addinutil lolbas binary (#335) 
* added addinutil lolbas binary

* updated format for lint

* EOF LF
 2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5 Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199) 
Everything looks good, confirmed working on Windows 10 & 11, merging changes:

* Added 'Execute' lolbas for iediagcmd.exe

* Added missing fields from the template

* Update Iediagcmd.yml

Made corrections

* Update Iediagcmd.yml

Removing trailing spaces

* Update Iediagcmd.yml

removing empty fields

* Minor changes

* Update Iediagcmd.yml

Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.

* Adding Windows 11 support

---------

Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-10-04 09:47:18 -04:00
Wietze
b3951952b0 Fixing command attribute on Vshadow 2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c Renaming vshadow file 2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3 Merge remote-tracking branch 'origin/master' into fix/incorrect_date 2023-10-03 17:37:28 +01:00
Wietze
e90d795e62 Fixing incorrect category on testwindowremoteagent entry 2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49 Fixing incorrect date on testwindowremoteagent entry 2023-10-03 17:22:22 +01:00
Wietze
96aad19b88 Fixing trailing spaces 2023-10-03 17:19:52 +01:00
Wietze
52adf7084d Fixing incorrect extension of testwindowremoteagent entry 2023-10-03 17:12:12 +01:00
AyberkHalac
f55d9d1131 Adding vshadow.exe (#325) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-10-03 16:53:08 +01:00
securepeacock
fd9fae8321 Added Sigma to Teams.exe (#329) 2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989 Merge pull request #320 from mertdas/master 
Create msedge_proxy.yml
 2023-09-05 13:26:30 -04:00
Jose Enrique Hernandez
d29b112d9e Merge pull request #323 from onatuzunyayla/vstest 
Create testwindowremoteagent.yaml
 2023-09-05 11:47:31 -04:00
Mert Daş
e75e99f1cf Update msedge_proxy.yml 2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd Update msedge_proxy.yml 2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880 Update msedge_proxy.yml 2023-09-05 18:41:36 +03:00
Mert Daş
fee20a0813 Update msedge_proxy.yml 2023-09-05 18:39:16 +03:00
Mert Daş
7da6f3216d Update msedge_proxy.yml 2023-09-05 18:37:14 +03:00
Wietze
b137406d8d Update testwindowremoteagent.yaml 2023-09-04 10:36:28 +01:00
Wietze
820e077aa0 Adding missing end-of-file newline 2023-09-04 10:34:34 +01:00
Mert Daş
e2c58fcf31 Update msedge_proxy.yml 2023-09-03 22:28:00 +03:00
Mert Daş
d5f153b84b Update msedge_proxy.yml 2023-09-03 22:23:40 +03:00
Mert Daş
f8743a4109 Update msedge_proxy.yml 2023-09-03 22:17:14 +03:00
Mert Daş
994aa792f0 Update msedge_proxy.yml 2023-09-03 22:11:01 +03:00
Jose Enrique Hernandez
db7fef6ec0 Merge pull request #292 from Ekitji/master 
dsdbutil.exe
 2023-09-03 14:57:48 -04:00
Jose Enrique Hernandez
add2198f43 Merge pull request #191 from lltltk/master 
Create Teams.exe
 2023-09-03 14:53:48 -04:00
Mert Daş
247511bca8 Update msedge_proxy.yml 2023-09-03 21:51:32 +03:00
josehelps
26cc085243 removing blank line 2023-09-03 14:49:16 -04:00
Mert Daş
a0874f2bb7 Update msedge_proxy.yml 2023-09-03 21:48:05 +03:00
josehelps
e935a7bf05 still trying to correct CI fails 2023-09-03 14:47:48 -04:00
Mert Daş
53f8fbe19b Update msedge_proxy.yml 2023-09-03 21:44:41 +03:00