LOLBAS

mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-01 16:05:27 +02:00

Author	SHA1	Message	Date
hegusung	5f2bc7efc2	Update Mftrace.yml Tags Added Tags: Execute: EXE	2024-10-13 22:15:53 +02:00
hegusung	a5ede4597c	Update FsiAnyCpu.yml tags Added Tags: Execute Fsharp	2024-10-13 22:14:57 +02:00
hegusung	bc80d35981	Update Fsi.yml tags Added Tags: Execute Fsharp	2024-10-13 22:14:09 +02:00
hegusung	e2d2633470	Update Dxcap.yml Tags Added Tags: Execute EXE	2024-10-13 22:10:39 +02:00
hegusung	b24f3ab6ab	Update Dotnet.yml tags Added Tags: Execute: .NetDLL Execute: Fsharp Execute: CSProj	2024-10-13 22:09:40 +02:00
hegusung	bd6667bc9a	Update Dnx.yml Tags Added Tag: Execute C#	2024-10-13 22:07:27 +02:00
hegusung	1ba7b664e3	Update Devtoolslauncher.yml Tags Added Tags - Execute EXE	2024-10-13 22:03:26 +02:00
hegusung	6e9faa63da	Update Devinit.yml Tags Added Tags: Execute MSI Execute Remote	2024-10-13 22:02:22 +02:00
hegusung	eb3afc669e	Update DefaultPack.yml Tags Added Tags: Execute EXE	2024-10-13 22:01:33 +02:00
hegusung	83c34ff627	Update Csi.yml Tags Added Tags: Execute: C#	2024-10-13 21:56:45 +02:00
hegusung	edf0105284	Update Coregen.yml Tags Added Execute: DLL tag	2024-10-13 21:43:38 +02:00
hegusung	37eaa488d1	Update Cdb.yml Tags Added Tags: Execute: CMD Execute: Shellcode	2024-10-13 21:42:37 +02:00
hegusung	351a3bcac6	Update Bginfo.yml Tags Added Tag: Execute: Remote	2024-10-13 21:36:52 +02:00
hegusung	e4f73cfafa	Update Appvlp.yml Tags Added Tags: Execute CMD Execute EXE	2024-10-13 21:35:16 +02:00
hegusung	f4cd4d0bd1	Update Appcert.yml Tags Added Tags: Execute EXE Execute MSI	2024-10-13 21:25:16 +02:00
hegusung	8fc6995678	Update Agentexecutor.yml Tags Added Tags: Execute Powershell Execute EXE	2024-10-13 21:23:22 +02:00
hegusung	a01bab762e	Update Adplus.yml Tags Changed Tags: - Execute CMD - Execute EXE	2024-10-13 21:21:32 +02:00
hegusung	16d84e33e6	Update AccCheckConsole.yml Tags Changed DLL to .NetDLL	2024-10-13 21:17:55 +02:00
Wietze	f69b8abae1	Removing empty resource sections	2024-10-02 01:55:22 +01:00
Wietze	7e171658dd	Remove broken imgur link	2024-10-02 01:20:22 +01:00
Wietze	55d84345ac	Adding <version> placeholder to Vshadow	2024-10-01 23:45:18 +01:00
Wietze	39a7120d40	Adding Windows file path validation for values of File_Path (#403 )	2024-10-01 23:14:19 +01:00
Avihay Eldad	d8402e6651	Add VSLaunchBrowser.yml (#367 )	2024-10-01 22:37:11 +01:00
Avihay Eldad	bfa71cc57e	Add DTUtil.yml (#382 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-09-07 15:16:04 +01:00
p4yl0ad	cfd827fe6d	Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392 )	2024-09-07 15:07:46 +01:00
Avihay Eldad	d5d11f47a1	Add Xsd.yml (#366 )	2024-08-17 22:18:59 +01:00
Avihay Eldad	da4f6e5407	Update Msdeploy.yml and add copy utility (#354 )	2024-07-15 20:53:17 +01:00
Nathan	70268a5a9f	fix parameter typo for squirrel.exe (#383 )	2024-07-12 18:49:30 +01:00
unrooted	03b527b105	Update wsl.exe description (#378 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-06-06 23:42:25 +01:00
Avihay Eldad	35148cc39e	Add Visio.exe as a downloader (#356 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-06-05 23:50:25 +01:00
Avihay Eldad	78fa7b550e	Add Winfile.yml (#374 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-05-23 00:02:56 +01:00
Wietze	2cc0ee99e6	Applying MITRE ATT&CK v15 changes (#370 ) https://attack.mitre.org/resources/updates/updates-april-2024/	2024-04-24 15:10:59 +01:00
Avihay Eldad	aea7bd082d	Add Winproj.exe as a downloader (#351 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-04-05 19:19:49 +01:00
C-h4ck-0	3c826ab1ca	Add MSAccess as a new downloader (#288 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-04-05 19:18:57 +01:00
Wietze	ebbf08ec4d	Adding tags (closes #9 , #318 ) (#362 ) * Adding various tags as a first iteration * Adding quotes * Adding 'Custom Format' properly * Updating to key:value pairs * Update template	2024-04-03 11:53:36 -04:00
Avihay Eldad	a945bac6be	Create Appcert.yml (#361 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-03-31 18:56:11 +01:00
Avihay Eldad	65e05aa4d6	Update Te.yml (#359 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-03-31 13:43:00 +01:00
Wietze	80267d91dd	Adding GitHub Actions workflow test for duplicate filenames (#340 ) * Adding GitHub Actions workflow test for duplicate filenames * Adding generic error message * Deduping fsutil.exe and teams.exe	2023-11-07 20:55:24 -05:00
Wietze	760151b598	Fixing yml files with .yaml extension (#338 )	2023-10-19 17:17:15 +01:00
$frack113$ frack113	4f83231697	Update old sigma link (#303 ) * Update SigmaHQ ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHQ ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHq ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHq ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> --------- Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-10-18 11:30:34 -04:00
Onat Uzunyayla	7aba6fb550	Create vstest.console.exe (#322 ) * vstest.console.exe awl bypass * Create testwindowremoteagent.yaml Data Exfiltration with TestWindowRemoteAgent.exe is added * Create vstest.yaml In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll * Delete testwindowremoteagent.yaml * Update vstest.yaml A new description added	2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man	b13eb6f4fd	DevTunnels - Other MS Binary for Data Exfiltration (#327 ) * Add files via upload * updated devtunnels.yml * Update devtunnels.yml * Update devtunnels.yml * Update devtunnels.yml * Updated Priviliges	2023-10-15 00:05:54 +02:00
Wietze	b3951952b0	Fixing command attribute on Vshadow	2023-10-03 17:41:18 +01:00
Wietze	366cdbd57c	Renaming vshadow file	2023-10-03 17:38:41 +01:00
Wietze	746d49bbb3	Merge remote-tracking branch 'origin/master' into fix/incorrect_date	2023-10-03 17:37:28 +01:00
Wietze	e90d795e62	Fixing incorrect category on testwindowremoteagent entry	2023-10-03 17:24:36 +01:00
Wietze	135fc5ba49	Fixing incorrect date on testwindowremoteagent entry	2023-10-03 17:22:22 +01:00
Wietze	96aad19b88	Fixing trailing spaces	2023-10-03 17:19:52 +01:00
Wietze	52adf7084d	Fixing incorrect extension of testwindowremoteagent entry	2023-10-03 17:12:12 +01:00
AyberkHalac	f55d9d1131	Adding vshadow.exe (#325 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2023-10-03 16:53:08 +01:00

1 2 3 4 5

212 Commits