public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity
819 Commits 4 Branches 0 Tags
7b44bd9ac62596bbbd0317ad0412eafc046594d7
Commit Graph

208 Commits

Author SHA1 Message Date
Avihay Eldad
7b44bd9ac6 Create Pixtool.yml (#463) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-09-29 21:47:41 +01:00
Avihay Eldad
b04a5c9776 Create XBootMgr.yml (#447) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-08-31 16:38:57 +01:00
Avihay Eldad
ed6d8aa11d Create Ntsd.yml (#449) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-08-31 16:33:36 +01:00
Avihay Eldad
e0f262f32b Create WinDbg.yml (#450) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-08-31 16:22:52 +01:00
frack113
5927125030 docs: 📚 Add Detection Sigma ref (#451) 2025-07-22 21:27:15 +01:00
Avihay Eldad
a4199124bc Update XBootMgrSleep.yml (#445) 
* Add xbootmgrsleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

---------

Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-07-10 10:47:39 +01:00
itssixtyn3in
967d88a0fa Update Sqldumper.yml (#439) 2025-06-11 19:30:51 +01:00
Avihay Eldad
e31a869ae4 Add ECMangen.yml (#373) 2025-05-28 14:22:56 +01:00
Avihay Eldad
dcad562e5f Add XBootMgrSleep.yml (#381) 
* Add xbootmgrsleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

* Update XBootMgrSleep.yml

---------

Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-05-28 14:15:30 +01:00
lazarg
7dbdad68e9 vshadow mitre technique fix (#428) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-04-16 09:23:26 +01:00
tbaker57
f20158d734 Create WFMFormat.yml (#413) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-02-15 14:33:23 +00:00
Wietze
a79893e7ad Generalising file paths and urls, see #10 (#422) 2025-01-28 11:15:01 +00:00
ciwen3
e62749f81a Adding file paths (#416) 2025-01-14 15:12:42 +00:00
hegusung
b9a6cd6a87 Adding Execute tags to most LOLBas (#405) 2024-12-29 17:31:01 +00:00
Wietze
f69b8abae1 Removing empty resource sections 2024-10-02 01:55:22 +01:00
Wietze
7e171658dd Remove broken imgur link 2024-10-02 01:20:22 +01:00
Wietze
55d84345ac Adding <version> placeholder to Vshadow 2024-10-01 23:45:18 +01:00
Wietze
39a7120d40 Adding Windows file path validation for values of File_Path (#403) 2024-10-01 23:14:19 +01:00
Avihay Eldad
d8402e6651 Add VSLaunchBrowser.yml (#367) 2024-10-01 22:37:11 +01:00
Avihay Eldad
bfa71cc57e Add DTUtil.yml (#382) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-09-07 15:16:04 +01:00
p4yl0ad
cfd827fe6d Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392) 2024-09-07 15:07:46 +01:00
Avihay Eldad
d5d11f47a1 Add Xsd.yml (#366) 2024-08-17 22:18:59 +01:00
Avihay Eldad
da4f6e5407 Update Msdeploy.yml and add copy utility (#354) 2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f fix parameter typo for squirrel.exe (#383) 2024-07-12 18:49:30 +01:00
unrooted
03b527b105 Update wsl.exe description (#378) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e Add Visio.exe as a downloader (#356) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-06-05 23:50:25 +01:00
Avihay Eldad
78fa7b550e Add Winfile.yml (#374) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-05-23 00:02:56 +01:00
Wietze
2cc0ee99e6 Applying MITRE ATT&CK v15 changes (#370) 
https://attack.mitre.org/resources/updates/updates-april-2024/
 2024-04-24 15:10:59 +01:00
Avihay Eldad
aea7bd082d Add Winproj.exe as a downloader (#351) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca Add MSAccess as a new downloader (#288) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d Adding tags (closes #9, #318) (#362) 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
 2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be Create Appcert.yml (#361) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 18:56:11 +01:00
Avihay Eldad
65e05aa4d6 Update Te.yml (#359) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 13:43:00 +01:00
Wietze
80267d91dd Adding GitHub Actions workflow test for duplicate filenames (#340) 
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
 2023-11-07 20:55:24 -05:00
Wietze
760151b598 Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697 Update old sigma link (#303) 
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550 Create vstest.console.exe (#322) 
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
 2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd DevTunnels - Other MS Binary for Data Exfiltration (#327) 
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Priviliges
 2023-10-15 00:05:54 +02:00
Wietze
b3951952b0 Fixing command attribute on Vshadow 2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c Renaming vshadow file 2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3 Merge remote-tracking branch 'origin/master' into fix/incorrect_date 2023-10-03 17:37:28 +01:00
Wietze
e90d795e62 Fixing incorrect category on testwindowremoteagent entry 2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49 Fixing incorrect date on testwindowremoteagent entry 2023-10-03 17:22:22 +01:00
Wietze
96aad19b88 Fixing trailing spaces 2023-10-03 17:19:52 +01:00
Wietze
52adf7084d Fixing incorrect extension of testwindowremoteagent entry 2023-10-03 17:12:12 +01:00
AyberkHalac
f55d9d1131 Adding vshadow.exe (#325) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-10-03 16:53:08 +01:00
Jose Enrique Hernandez
d29b112d9e Merge pull request #323 from onatuzunyayla/vstest 
Create testwindowremoteagent.yaml
 2023-09-05 11:47:31 -04:00
Wietze
b137406d8d Update testwindowremoteagent.yaml 2023-09-04 10:36:28 +01:00
Wietze
820e077aa0 Adding missing end-of-file newline 2023-09-04 10:34:34 +01:00
Jose Enrique Hernandez
db7fef6ec0 Merge pull request #292 from Ekitji/master 
dsdbutil.exe
 2023-09-03 14:57:48 -04:00