Wietze 
							
						 
					 
					
						
						
							
						
						2e08819eef 
					 
					
						
						
							
							Fix Usecase field  
						
						
						
						
					 
					
						2021-01-10 15:54:00 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						5012f95152 
					 
					
						
						
							
							Fix Code_Sample field  
						
						
						
						
					 
					
						2021-01-10 15:49:30 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						fc223eb3d8 
					 
					
						
						
							
							Remove/fix unnecessary Categories field  
						
						
						
						
					 
					
						2021-01-10 15:48:20 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						5ec4de562b 
					 
					
						
						
							
							Fixed acknowledgements  
						
						
						
						
					 
					
						2021-01-10 15:45:25 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						38f9a0a032 
					 
					
						
						
							
							Fixed incorrect MItreLink  
						
						
						
						
					 
					
						2021-01-10 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						14dca38278 
					 
					
						
						
							
							Standardise date formats (see  https://yaml.org/type/timestamp.html )  
						
						
						
						
					 
					
						2021-01-10 15:04:52 +00:00 
						 
				 
			
				
					
						
							
							
								Wietze 
							
						 
					 
					
						
						
							
						
						de50a47957 
					 
					
						
						
							
							Fix invalid YAML  
						
						
						
						
					 
					
						2021-01-10 14:46:36 +00:00 
						 
				 
			
				
					
						
							
							
								Ahmad AS 
							
						 
					 
					
						
						
							
						
						be69f54245 
					 
					
						
						
							
							Update Adplus.yml  
						
						
						
						
					 
					
						2021-01-09 03:00:05 -05:00 
						 
				 
			
				
					
						
							
							
								ahmad 
							
						 
					 
					
						
						
							
						
						080fe4ca5b 
					 
					
						
						
							
							Create Adplus.yml  
						
						
						
						
					 
					
						2021-01-09 02:56:32 -05:00 
						 
				 
			
				
					
						
							
							
								Ahmad AS 
							
						 
					 
					
						
						
							
						
						4254927f78 
					 
					
						
						
							
							Update Remote.yml  
						
						
						
						
					 
					
						2021-01-06 23:31:01 -05:00 
						 
				 
			
				
					
						
							
							
								ahmad 
							
						 
					 
					
						
						
							
						
						7dab1b916e 
					 
					
						
						
							
							Create remote.yml  
						
						
						
						
					 
					
						2021-01-06 20:48:25 -05:00 
						 
				 
			
				
					
						
							
							
								LuxNoBu!!shit 
							
						 
					 
					
						
						
							
						
						f59da6598c 
					 
					
						
						
							
							Delete pnputil.exe  
						
						
						
						
					 
					
						2020-12-25 12:22:28 -08:00 
						 
				 
			
				
					
						
							
							
								LuxNoBu!!shit 
							
						 
					 
					
						
						
							
						
						0d819439c5 
					 
					
						
						
							
							Create pnputil.exe  
						
						
						
						
					 
					
						2020-12-25 12:14:15 -08:00 
						 
				 
			
				
					
						
							
							
								LuxNoBu!!shit 
							
						 
					 
					
						
						
							
						
						21f414c479 
					 
					
						
						
							
							Create pnputil.exe  
						
						
						
						
					 
					
						2020-12-25 12:05:16 -08:00 
						 
				 
			
				
					
						
							
							
								Spencer McIntyre 
							
						 
					 
					
						
						
							
						
						deb249042b 
					 
					
						
						
							
							Update the affected operating systems for SyncAppvPublishingServer  
						
						
						
						
					 
					
						2020-12-08 15:32:35 -05:00 
						 
				 
			
				
					
						
							
							
								michalani 
							
						 
					 
					
						
						
							
						
						36b28ddd98 
					 
					
						
						
							
							Update Winword.yml  
						
						
						
						
					 
					
						2020-12-03 01:03:08 +00:00 
						 
				 
			
				
					
						
							
							
								whickey-r7 
							
						 
					 
					
						
						
							
						
						b381d04faf 
					 
					
						
						
							
							Create AppInstaller.yml  
						
						... 
						
						
						
						New lolbin for downloading files in Windows 10. 
						
						
					 
					
						2020-12-02 11:35:49 -05:00 
						 
				 
			
				
					
						
							
							
								unload 
							
						 
					 
					
						
						
							
						
						bfe248b07e 
					 
					
						
						
							
							Create DataSvcUtil.yml  
						
						... 
						
						
						
						Another data exfil way with lolbins 
						
						
					 
					
						2020-12-01 22:57:09 -03:00 
						 
				 
			
				
					
						
							
							
								Nasreddine Bencherchali 
							
						 
					 
					
						
						
							
						
						15d5ff302d 
					 
					
						
						
							
							Create Dllhost.yml  
						
						
						
						
					 
					
						2020-11-07 14:22:24 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						483482e3a3 
					 
					
						
						
							
							Create Upload.yml  
						
						... 
						
						
						
						File describing the execution of LolBin Update.exe deployed with the installation of Whatsapp on Windows operating systems. 
						
						
					 
					
						2020-11-01 20:09:41 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						4c67be51c1 
					 
					
						
						
							
							Delete Update.yml  
						
						
						
						
					 
					
						2020-11-01 20:05:25 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						748cfb4223 
					 
					
						
						
							
							Merge pull request  #2  from jesgal/jesgal-persistence-update  
						
						... 
						
						
						
						Update Update.yml 
						
						
					 
					
						2020-11-01 19:53:13 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						b0e4b625a4 
					 
					
						
						
							
							Merge pull request  #3  from jesgal/jesgal-patch-2  
						
						... 
						
						
						
						Create Update.yml 
						
						
					 
					
						2020-11-01 19:52:20 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						31c7d34a00 
					 
					
						
						
							
							Create Update.yml  
						
						... 
						
						
						
						This file describes LoLbin Update.exe deployed in the Whatsapp installation for Windows Operating Systems. 
						
						
					 
					
						2020-11-01 19:50:59 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						9642f81be7 
					 
					
						
						
							
							Update Update.yml  
						
						... 
						
						
						
						I update this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the argument "--createShortcut" and "--removeShortcut". 
						
						
					 
					
						2020-10-29 09:12:28 +01:00 
						 
				 
			
				
					
						
							
							
								jesgal 
							
						 
					 
					
						
						
							
						
						6e5bd0e9e1 
					 
					
						
						
							
							Merge pull request  #1  from LOLBAS-Project/master  
						
						... 
						
						
						
						Updating repository 
						
						
					 
					
						2020-10-29 09:01:46 +01:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						d15172284a 
					 
					
						
						
							
							Merge pull request  #101  from leo1-1/master  
						
						... 
						
						
						
						added command to certutil 
						
						
					 
					
						2020-10-26 19:44:53 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						5806d33e70 
					 
					
						
						
							
							Update Certutil.yml  
						
						
						
						
					 
					
						2020-10-26 19:43:55 -04:00 
						 
				 
			
				
					
						
							
							
								leo1-1 
							
						 
					 
					
						
						
							
						
						64d5dffc4b 
					 
					
						
						
							
							Delete certutil.yml  
						
						
						
						
					 
					
						2020-10-26 08:59:00 +02:00 
						 
				 
			
				
					
						
							
							
								leo1-1 
							
						 
					 
					
						
						
							
						
						76d79ea479 
					 
					
						
						
							
							Update Certutil  
						
						
						
						
					 
					
						2020-10-26 08:57:42 +02:00 
						 
				 
			
				
					
						
							
							
								leo1-1 
							
						 
					 
					
						
						
							
						
						2166960d4e 
					 
					
						
						
							
							changed path  
						
						
						
						
					 
					
						2020-10-26 08:22:58 +02:00 
						 
				 
			
				
					
						
							
							
								leo1-1 
							
						 
					 
					
						
						
							
						
						9b60a844a2 
					 
					
						
						
							
							Rename certutil.yml.txt to certutil.yml  
						
						... 
						
						
						
						changed 
						
						
					 
					
						2020-10-25 09:03:39 +02:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						9a83179ddd 
					 
					
						
						
							
							Merge pull request  #99  from dtmsecurity/master  
						
						... 
						
						
						
						Create Wuauclt.yml 
						
						
					 
					
						2020-10-24 22:29:34 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						edbd01860c 
					 
					
						
						
							
							Merge pull request  #97  from MartinSohn/master  
						
						... 
						
						
						
						Create Coregen.yml - Thank you for the contribution! 
						
						
					 
					
						2020-10-24 21:49:09 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						04c0e7ee38 
					 
					
						
						
							
							Update Explorer.yml  
						
						... 
						
						
						
						Fixing alignment in Acknowledgement section 
						
						
					 
					
						2020-10-22 22:00:05 -04:00 
						 
				 
			
				
					
						
							
							
								xenoscr 
							
						 
					 
					
						
						
							
						
						de169664d6 
					 
					
						
						
							
							Finxing missing quotes  
						
						
						
						
					 
					
						2020-10-22 21:51:57 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						b61cd18072 
					 
					
						
						
							
							Merge pull request  #94  from checkymander/master  
						
						... 
						
						
						
						Create DefaultPack.yml 
						
						
					 
					
						2020-10-22 21:19:50 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						4f19dbba19 
					 
					
						
						
							
							Merge pull request  #93  from C3dr1cMFE/add_MpCmdRun_Bypass  
						
						... 
						
						
						
						Update MpCmdRun.yml 
						
						
					 
					
						2020-10-22 21:05:37 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						d281faccd3 
					 
					
						
						
							
							Merge pull request  #92  from whickey-r7/patch-1  
						
						... 
						
						
						
						Update Xwizard.yml 
						
						
					 
					
						2020-10-22 20:57:55 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						93e6e583f7 
					 
					
						
						
							
							Merge pull request  #88  from unexpectedBy/patch-1  
						
						... 
						
						
						
						Create ConfigSecurityPolicy.yml 
						
						
					 
					
						2020-10-22 20:42:02 -04:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						9a6309d8de 
					 
					
						
						
							
							Update ConfigSecurityPolicy.yml  
						
						... 
						
						
						
						Added link to Tweet from author containing an example usage. 
						
						
					 
					
						2020-10-22 20:38:50 -04:00 
						 
				 
			
				
					
						
							
							
								leo1-1 
							
						 
					 
					
						
						
							
						
						ab6d42ddcf 
					 
					
						
						
							
							added command to certutil  
						
						
						
						
					 
					
						2020-10-14 21:10:19 +03:00 
						 
				 
			
				
					
						
							
							
								@dtmsecurity 
							
						 
					 
					
						
						
							
						
						651e156583 
					 
					
						
						
							
							Create Wuauclt.yml  
						
						
						
						
					 
					
						2020-10-12 19:24:45 +01:00 
						 
				 
			
				
					
						
							
							
								Martin 
							
						 
					 
					
						
						
							
						
						47c03c97b8 
					 
					
						
						
							
							Typo  
						
						
						
						
					 
					
						2020-10-10 19:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Martin 
							
						 
					 
					
						
						
							
						
						22d9bbe92a 
					 
					
						
						
							
							Initial commit of Coregen.yml  
						
						
						
						
					 
					
						2020-10-09 17:10:49 +02:00 
						 
				 
			
				
					
						
							
							
								checkymander 
							
						 
					 
					
						
						
							
						
						a45d4ca25c 
					 
					
						
						
							
							Create DefaultPack.yml  
						
						... 
						
						
						
						Added DefaultPack.EXE LOLBin 
						
						
					 
					
						2020-10-01 22:37:00 -04:00 
						 
				 
			
				
					
						
							
							
								Cochin, Cedric 
							
						 
					 
					
						
						
							
						
						13026a481b 
					 
					
						
						
							
							Update MpCmdRun.yml  
						
						... 
						
						
						
						DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker 
						
						
					 
					
						2020-09-24 14:09:58 -07:00 
						 
				 
			
				
					
						
							
							
								whickey-r7 
							
						 
					 
					
						
						
							
						
						11aa1e503b 
					 
					
						
						
							
							Update Xwizard.yml  
						
						... 
						
						
						
						This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality. 
						
						
					 
					
						2020-09-16 16:34:47 +00:00 
						 
				 
			
				
					
						
							
							
								unload 
							
						 
					 
					
						
						
							
						
						6a5af9a71c 
					 
					
						
						
							
							Create ConfigSecurityPolicy.yml  
						
						
						
						
					 
					
						2020-09-04 07:54:44 -03:00 
						 
				 
			
				
					
						
							
							
								Conor Richard 
							
						 
					 
					
						
						
							
						
						aa34fd8677 
					 
					
						
						
							
							Merge pull request  #87  from richrumble/patch-1  
						
						... 
						
						
						
						Update MpCmdRun.yml Added new IOC and alternate / Vs. - details. Thank you @richrumble 
						
						
					 
					
						2020-09-03 12:23:22 -07:00