Commit Graph

212 Commits

Author SHA1 Message Date
hegusung
5f2bc7efc2 Update Mftrace.yml Tags
Added Tags:
Execute: EXE
2024-10-13 22:15:53 +02:00
hegusung
a5ede4597c Update FsiAnyCpu.yml tags
Added Tags:
Execute Fsharp
2024-10-13 22:14:57 +02:00
hegusung
bc80d35981 Update Fsi.yml tags
Added Tags:
Execute Fsharp
2024-10-13 22:14:09 +02:00
hegusung
e2d2633470 Update Dxcap.yml Tags
Added Tags:
Execute EXE
2024-10-13 22:10:39 +02:00
hegusung
b24f3ab6ab Update Dotnet.yml tags
Added Tags:
Execute: .NetDLL
Execute: Fsharp
Execute: CSProj
2024-10-13 22:09:40 +02:00
hegusung
bd6667bc9a Update Dnx.yml Tags
Added Tag:
Execute C#
2024-10-13 22:07:27 +02:00
hegusung
1ba7b664e3 Update Devtoolslauncher.yml Tags
Added Tags:
- Execute EXE
2024-10-13 22:03:26 +02:00
hegusung
6e9faa63da Update Devinit.yml Tags
Added Tags:
Execute MSI
Execute Remote
2024-10-13 22:02:22 +02:00
hegusung
eb3afc669e Update DefaultPack.yml Tags
Added Tags:
Execute EXE
2024-10-13 22:01:33 +02:00
hegusung
83c34ff627 Update Csi.yml Tags
Added Tags:
Execute: C#
2024-10-13 21:56:45 +02:00
hegusung
edf0105284 Update Coregen.yml Tags
Added Execute: DLL tag
2024-10-13 21:43:38 +02:00
hegusung
37eaa488d1 Update Cdb.yml Tags
Added Tags:
Execute: CMD
Execute: Shellcode
2024-10-13 21:42:37 +02:00
hegusung
351a3bcac6 Update Bginfo.yml Tags
Added Tag:
Execute: Remote
2024-10-13 21:36:52 +02:00
hegusung
e4f73cfafa Update Appvlp.yml Tags
Added Tags:
Execute CMD
Execute EXE
2024-10-13 21:35:16 +02:00
hegusung
f4cd4d0bd1 Update Appcert.yml Tags
Added Tags:
Execute EXE
Execute MSI
2024-10-13 21:25:16 +02:00
hegusung
8fc6995678 Update Agentexecutor.yml Tags
Added Tags:
Execute Powershell
Execute EXE
2024-10-13 21:23:22 +02:00
hegusung
a01bab762e Update Adplus.yml Tags
Changed Tags:
- Execute CMD
- Execute EXE
2024-10-13 21:21:32 +02:00
hegusung
16d84e33e6 Update AccCheckConsole.yml Tags
Changed DLL to .NetDLL
2024-10-13 21:17:55 +02:00
Wietze
f69b8abae1 Removing empty resource sections 2024-10-02 01:55:22 +01:00
Wietze
7e171658dd Remove broken imgur link 2024-10-02 01:20:22 +01:00
Wietze
55d84345ac Adding <version> placeholder to Vshadow 2024-10-01 23:45:18 +01:00
Wietze
39a7120d40 Adding Windows file path validation for values of File_Path (#403) 2024-10-01 23:14:19 +01:00
Avihay Eldad
d8402e6651 Add VSLaunchBrowser.yml (#367) 2024-10-01 22:37:11 +01:00
Avihay Eldad
bfa71cc57e Add DTUtil.yml (#382)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-07 15:16:04 +01:00
p4yl0ad
cfd827fe6d Fixing some paths / adding some paths; this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392) 2024-09-07 15:07:46 +01:00
Avihay Eldad
d5d11f47a1 Add Xsd.yml (#366) 2024-08-17 22:18:59 +01:00
Avihay Eldad
da4f6e5407 Update Msdeploy.yml and add copy utility (#354) 2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f fix parameter typo for squirrel.exe (#383) 2024-07-12 18:49:30 +01:00
unrooted
03b527b105 Update wsl.exe description (#378)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e Add Visio.exe as a downloader (#356)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-05 23:50:25 +01:00
Avihay Eldad
78fa7b550e Add Winfile.yml (#374)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-23 00:02:56 +01:00
Wietze
2cc0ee99e6 Applying MITRE ATT&CK v15 changes (#370)
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
Avihay Eldad
aea7bd082d Add Winproj.exe as a downloader (#351)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca Add MSAccess as a new downloader (#288)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d Adding tags (closes #9, #318) (#362)
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be Create Appcert.yml (#361)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 18:56:11 +01:00
Avihay Eldad
65e05aa4d6 Update Te.yml (#359)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 13:43:00 +01:00
Wietze
80267d91dd Adding GitHub Actions workflow test for duplicate filenames (#340)
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Wietze
760151b598 Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697 Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550 Create vstest.console.exe (#322)
* vstest.console.exe AWL bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also runs the other code inside the test method, so you can run your code without directly running the EXE or DLL.

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description was added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd DevTunnels - Other MS Binary for Data Exfiltration (#327)
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Privileges
2023-10-15 00:05:54 +02:00
Wietze
b3951952b0 Fixing command attribute on Vshadow 2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c Renaming vshadow file 2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3 Merge remote-tracking branch 'origin/master' into fix/incorrect_date 2023-10-03 17:37:28 +01:00
Wietze
e90d795e62 Fixing incorrect category on testwindowremoteagent entry 2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49 Fixing incorrect date on testwindowremoteagent entry 2023-10-03 17:22:22 +01:00
Wietze
96aad19b88 Fixing trailing spaces 2023-10-03 17:19:52 +01:00
Wietze
52adf7084d Fixing incorrect extension of testwindowremoteagent entry 2023-10-03 17:12:12 +01:00
AyberkHalac
f55d9d1131 Adding vshadow.exe (#325)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-03 16:53:08 +01:00