Commit Graph

320 Commits

Author SHA1 Message Date
bohops
343a0e2478
Added plain explorer execution 2020-07-03 15:03:07 -04:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique 2020-07-03 14:56:06 -04:00
bohops
a976eaefe1
Updated Mitre Reference - T1096 2020-07-03 10:35:01 -04:00
bohops
f1a7ad92dd
Changed privilege level for registration 2020-07-03 10:24:34 -04:00
bohops
e316cb4842
Delete Slmgr - COM Hijacks are too broad 2020-07-03 10:15:06 -04:00
bohops
12cdb47285
Removed COM Hijack 2020-07-03 10:07:18 -04:00
bohops
17a34e27f6
Added Twitter reference for use "in-the-wild" 2020-07-03 10:03:42 -04:00
Oddvar Moe
cb3a45008e Added regini.exe writing to registry using ADS 2020-07-03 15:40:58 +02:00
Oddvar Moe
420860e5f7 Adjusted some missing quotes and stuff on Dekstopimgdownldr 2020-07-03 15:05:33 +02:00
Oddvar Moe
7dfbc7af67
Update and rename desktopimgdownldr.yml to Desktopimgdownldr.yml
Changed capitalization
2020-07-03 15:04:09 +02:00
Oddvar Moe
c5866efc41
Merge pull request #74 from Kristal-g/master
Added desktopimgdownldr.exe
2020-07-03 15:03:10 +02:00
Oddvar Moe
dac58c312f Fixed some missing quotes and stuff on psr.exe 2020-07-03 14:59:50 +02:00
Oddvar Moe
17db28c643
Merge pull request #73 from Lemonada/master
Add psr.exe
2020-07-03 14:58:26 +02:00
Oddvar Moe
416680941d
Rename explorer.yml to Explorer.yml
Changed capitalization
2020-07-03 14:52:29 +02:00
Oddvar Moe
8bb57e1ac5
Merge pull request #72 from JPMinty/master
Create explorer.yml
2020-07-03 14:50:07 +02:00
Oddvar Moe
c31053e6bd
Merge pull request #70 from cnotin/patch-1
sqldumper: minor fix mis-typed words
2020-07-03 14:34:02 +02:00
Oddvar Moe
8ce4c1497d
Merge pull request #64 from noraj/patch-1
Download for ftp.exe
2020-07-03 14:08:32 +02:00
Oddvar Moe
794d3c04cc Added Acknowledgement to rundll32 2020-07-03 14:03:51 +02:00
Oddvar Moe
604eb45fb4
Merge pull request #61 from MartinIngesen/master
Using rundll32 to execute dll from a SMB share
2020-07-03 14:01:12 +02:00
Kristal-g
fd01a9151a Added desktopimgdownldr.exe 2020-07-02 20:46:05 +03:00
Lemonada
2a5a4e391d
Create Psr.yml
take screenshots of user sessions
2020-06-27 14:51:07 +03:00
Lemonada
48722da65c
Delete Psr.yml 2020-06-27 14:50:22 +03:00
Lemonada
837d5778cd
Merge pull request #1 from Lemonada/Add-Psr.exe
Create psr.yml
2020-06-27 14:46:12 +03:00
Lemonada
cfb5fcdf24
Create psr.yml
Psr.exe can be used to take screenshots of a users sessions.
2020-06-27 14:45:03 +03:00
JPMinty
663724523f Update explorer.yml 2020-06-24 21:15:40 +09:30
JPMinty
dec26ada21 Create explorer.yml 2020-06-24 21:09:59 +09:30
Clément Notin
ae3d9b9b6b
sqldumper: minor fix mis-typed words 2020-06-15 23:33:34 +02:00
Maxime Nadeau
b95fb7ed27 Added the IOCs 2020-05-12 16:40:49 -04:00
Maxime Nadeau
b8b265b397 Added ttdinject 2020-05-12 16:31:47 -04:00
Maxime Nadeau
5de8d357b6 Added ttdinject.exe 2020-05-12 16:24:49 -04:00
Alexandre ZANNI
aef4b06952
Download for ftp.exe
add a non-interactive one-line command to download arbitrary binary with ftp.exe
excessively useful on Windows XP, & Windows Server 2003 where all other LOLBAS that allow download (certutils, bitsutils, etc.) don't exist and where powershell was not install by default.
2020-04-21 23:52:22 +02:00
Oddvar Moe
9722cceb9e Added download example to wsl.exe 2020-03-25 11:33:02 +01:00
Oddvar Moe
9f110bce07 Fixed missing octet in command 2020-03-25 11:24:54 +01:00
Oddvar Moe
6ac04d73d7 Added examples to bash.exe 2020-03-25 11:08:13 +01:00
Oddvar Moe
f2fa2ef989 Added additional example to wsl.exe 2020-03-25 10:26:59 +01:00
Chris "Lopi" Spehn
d67c8f5c11
Update RegAsm to the correct permissions 2020-03-20 11:51:21 -06:00
Martin Ingesen
e4face79af Using rundll32 to execute dll via SMB 2020-03-18 15:20:50 +01:00
Oddvar Moe
cce7c5ce3a Adjusted error in atbroker as per issue #47 2020-03-17 11:08:47 +01:00
Oddvar Moe
94d10799d3 Adjusted ilasm 2020-03-17 11:05:14 +01:00
Oddvar Moe
187786469c
Merge pull request #60 from LuxNoBulIshit/master
Create ilasm.yml
2020-03-17 10:57:53 +01:00
Oddvar Moe
dc3a211c89 Re-added ntdsutil 2020-03-17 10:55:59 +01:00
LuxNoBu!!shit
7a2ff4c250
Create ilasm.yml 2020-03-17 03:04:20 +02:00
Oddvar Moe
4bef10b147 adjusted rasautou and removed ntdsutil 2020-03-16 20:10:17 +01:00
Oddvar Moe
80295ef865
Merge pull request #54 from ForensicITGuy/ntdsutil
Ntdsutil & Rasautou addition
2020-03-16 20:06:54 +01:00
Oddvar Moe
81c363ac8a Adjustment to vbc.yml contribution 2020-03-16 19:55:27 +01:00
Oddvar Moe
84c613b363
Merge pull request #59 from leo1-1/master
Create vbc.yml
2020-03-16 19:49:21 +01:00
leo1-1
c7c93e9f95
Create vbc.yml 2020-02-27 17:13:07 +02:00
Oddvar Moe
acecdcf3df Netsh contribution from Freddie Bar-Smith - Thank you 2020-01-23 09:07:40 +01:00
Oddvar Moe
94708ac5d6 Added links to obfuscation technique from Sailay(valen) on rundll32 2020-01-23 08:57:43 +01:00
Tony M Lambert
e2f217c777 ntdsutil addition 2020-01-10 22:53:34 -06:00