3aa721515b  2024-03-23 11:13:30 +00:00  Axel Boesenach
    Fix typo in /z command parameter (#360)

23bf33c7c4  2024-02-17 17:30:52 +00:00  j00c3
    Update MITRE T1185 to T1105 (#345)

ce53e1376a  2024-02-17 17:14:08 +00:00  Bjarne
    Moved text to correct line (#349)

    Moved "and show response in terminal" from `Command` to `Description`

bba87a6c2a  2024-02-13 13:37:40 +00:00  Lino
    TypoFix: Addinutil.yml (#342)

    Small typo fix:
    serliaized -> serialized

80267d91dd  2023-11-07 20:55:24 -05:00  Wietze
    Adding GitHub Actions workflow test for duplicate filenames (#340)

    * Adding GitHub Actions workflow test for duplicate filenames
    * Adding generic error message
    * Deduping fsutil.exe and teams.exe

5b4d6d604c  2023-11-06 15:01:59 +01:00  Grzegorz Tworek
    Create Fsutil.yml (#339)

ee78111254  2023-11-06 13:47:04 +01:00  pfiatde
    Update Msiexec.yml (#333)

    * Update Msiexec.yml
    Added transform file execution
    * Update Msiexec.yml

760151b598  2023-10-19 17:17:15 +01:00  Wietze
    Fixing yml files with .yaml extension (#338)

4f83231697  2023-10-18 11:30:34 -04:00  frack113
    Update old sigma link (#303)

    * Update SigmaHQ ref
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHQ ref
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHq ref
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    * Update SigmaHq ref
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
    ---------
    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

7aba6fb550  2023-10-18 11:28:04 -04:00  Onat Uzunyayla
    Create vstest.console.exe (#322)

    * vstest.console.exe awl bypass
    * Create testwindowremoteagent.yaml
    Data Exfiltration with TestWindowRemoteAgent.exe is added
    * Create vstest.yaml
    In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.
    * Delete testwindowremoteagent.yaml
    * Update vstest.yaml
    A new description added

fa3b5ed33c  2023-10-09 09:05:57 +02:00  SILJAEUROPA
    added addinutil lolbas binary (#335)

    * added addinutil lolbas binary
    * updated format for lint
    * EOF LF

d6e4fb07d5  2023-10-04 09:47:18 -04:00  Manas Bellani
    Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199)

    Everything looks good, confirmed working on Windows 10 & 11, merging changes:
    * Added 'Execute' lolbas for iediagcmd.exe
    * Added missing fields from the template
    * Update Iediagcmd.yml
    Made corrections
    * Update Iediagcmd.yml
    Removing trailing spaces
    * Update Iediagcmd.yml
    Removing empty fields
    * Minor changes
    * Update Iediagcmd.yml
    Removing space before first "&". When setting the environment variable, it's picking up the space, so the path seemed to be "c:\test \", which is why tests are failing.
    * Adding Windows 11 support
    ---------
    Co-authored-by: Conor Richard <xenos@xenos-1.net>
    Co-authored-by: Wietze <wietze@users.noreply.github.com>

fd9fae8321  2023-10-03 12:04:39 +01:00  securepeacock
    Added Sigma to Teams.exe (#329)

a493c20989  2023-09-05 13:26:30 -04:00  Jose Enrique Hernandez
    Merge pull request #320 from mertdas/master

    Create msedge_proxy.yml

e75e99f1cf  2023-09-05 18:47:05 +03:00  Mert Daş
    Update msedge_proxy.yml

e585183dcd  2023-09-05 18:45:00 +03:00  Mert Daş
    Update msedge_proxy.yml

69976b4880  2023-09-05 18:41:36 +03:00  Mert Daş
    Update msedge_proxy.yml

fee20a0813  2023-09-05 18:39:16 +03:00  Mert Daş
    Update msedge_proxy.yml

7da6f3216d  2023-09-05 18:37:14 +03:00  Mert Daş
    Update msedge_proxy.yml

e2c58fcf31  2023-09-03 22:28:00 +03:00  Mert Daş
    Update msedge_proxy.yml

d5f153b84b  2023-09-03 22:23:40 +03:00  Mert Daş
    Update msedge_proxy.yml

f8743a4109  2023-09-03 22:17:14 +03:00  Mert Daş
    Update msedge_proxy.yml

994aa792f0  2023-09-03 22:11:01 +03:00  Mert Daş
    Update msedge_proxy.yml

247511bca8  2023-09-03 21:51:32 +03:00  Mert Daş
    Update msedge_proxy.yml

a0874f2bb7  2023-09-03 21:48:05 +03:00  Mert Daş
    Update msedge_proxy.yml

53f8fbe19b  2023-09-03 21:44:41 +03:00  Mert Daş
    Update msedge_proxy.yml

50c481795b  2023-09-03 15:06:34 +02:00  frack113
    Add SigmaHQ ref

    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

9d79fab230  2023-08-25 21:24:58 +03:00  Mert Daş
    Update msedge_proxy.yml

0f3b483ae1  2023-08-25 21:23:41 +03:00  Mert Daş
    Update msedge_proxy.yml

f4acc01906  2023-08-18 17:47:17 +03:00  Mert Daş
    Update msedge_proxy.yml

68629128a3  2023-08-18 17:44:23 +03:00  Mert Daş
    Update msedge_proxy.yml

b14ad21ff9  2023-08-18 17:17:49 +03:00  Mert Daş
    Create msedge_proxy.yml

65007296a6  2023-08-04 11:21:36 +01:00  Elliot Killick
    Update Cmdl32.exe resource links (#317)

b50df49ac2  2023-07-27 18:18:49 +01:00  Wietze
    Added colorcpl.exe (#315)

    Co-authored-by: Arjan Onwezen <arjan.onwezen@gmail.com>

7241a8b7fd  2023-07-25 16:16:39 +01:00  Grzegorz Tworek
    Create Provlaunch.yml (#307)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>

62ed936a39  2023-06-23 20:55:39 +01:00  Ryan Plas
    Add missing document starts and add yamllint rule (#305)

e8ea28d4e9  2023-06-19 22:40:24 +01:00  frack113
    Update SigmaHQ ref (#301)

    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

c3f2690633  2023-06-17 22:25:34 +01:00  CyberSorcery
    Tar.exe lateral movement (#277)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>

d71415de77  2023-06-17 21:56:16 +01:00  Black Shade
    Create msedgewebview2.exe (#299)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>

b52200eb89  2023-06-17 20:30:00 +01:00  frack113
    Add sigma and remove empty string (#297)

    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

f5a3812c91  2023-06-11 22:10:04 -04:00  Jose Enrique Hernandez
    Merge pull request #295 from frack113/sigma_20230610

    Add missing Sigma ref

55b7556b64  2023-06-10 08:12:12 +02:00  frack113
    Add Sigma ref

    Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

ef8048344d  2023-05-27 12:11:05 -04:00  mr.d0x
    Update msedge.exe & add teams.exe

1f7e8a3e57  2023-05-01 23:36:38 +01:00  biscoito
    Remove unnecessary "at" on command (#286)

787c87470e  2023-03-31 13:46:21 +01:00  mrd0x
    Several LOLBINs additions & modifications (#192)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>

a9046ecb85  2023-03-25 16:21:34 +00:00  Wietze
    Fixing newline in odbcconf entry

06f33c91ae  2023-03-25 16:14:04 +00:00  Wietze
    Updating odbcconf, fixes #282 - thanks @hexacorn (#283)

2b7fdcac03  2023-03-08 14:39:32 +00:00  Mr. 0range
    Adding WebDav techniques to cmd.exe entry (#273)

    Added the documentation for the type command file transfer, ADS, and copy functionality
    ---------
    Co-authored-by: Wietze <wietze@users.noreply.github.com>

74d010a893  2023-02-25 19:19:22 +00:00  Wietze
    Removing pre-Windows 10 OSs from CertReq entry, fixes #247

cd16f0aff3  2023-02-25 18:47:44 +00:00  bohops
    Add vsls-agent lolbin and committing a few other changes (#263)

    Co-authored-by: Wietze <wietze@users.noreply.github.com>