LOLBAS

mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 04:32:24 +02:00

Author	SHA1	Message	Date
TimOne	803118bda7	Add resources link (#442 ) Add the LOLBAS series to help Blue Team personnel learn how to detect this technology through their browsers.	2025-06-26 22:56:39 -04:00
Fred Cyber Security	ea4d2a87b0	Update Winget.yml (#436 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2025-06-01 13:15:55 +01:00
Fred Cyber Security	d6e3d7016d	Update Mmc.yml (#437 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2025-06-01 13:04:47 +01:00
LocalLoopBack	d5ce81d2c8	Update Certutil.yml with new flag and update previous flag (#402 )	2025-05-26 21:16:10 +01:00
Swachchhanda Shrawan Poudel	387546895e	feat: Indirect Command Execution via sftp.exe (#434 ) * feat: Indirect Command Execution via sftp.exe * Minor changes * Improved description * Update Sftp.yml --------- Co-authored-by: Wietze <wietze@users.noreply.github.com>	2025-05-26 18:03:15 +01:00
iamtutu	f8b06c611f	Added Cipher (#410 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2025-04-26 20:42:34 +01:00
saulpanders	18b1648e97	Added wbemtest.exe (#430 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2025-04-26 20:27:13 +01:00
Wietze	e15a9c3e27	Updates for ATT&CK v17	2025-04-26 20:23:10 +01:00
Jeff McJunkin	afee674ff0	Update Cmdkey.yml: Swap to archive.org for expired link (#429 )	2025-04-16 09:16:45 +01:00
Wietze	a79893e7ad	Generalising file paths and urls, see #10 (#422 )	2025-01-28 11:15:01 +00:00
ciwen3	e62749f81a	Adding file paths (#416 )	2025-01-14 15:12:42 +00:00
hegusung	b9a6cd6a87	Adding Execute tags to most LOLBas (#405 )	2024-12-29 17:31:01 +00:00
SecurityAura	baaa5bbc73	Update Runscripthelper.yml (#407 )	2024-11-10 17:31:41 +00:00
Wietze	39a7120d40	Adding Windows file path validation for values of File_Path (#403 )	2024-10-01 23:14:19 +01:00
Eron Clarke	50e17c089a	Add ComputerDefaults.yml (#400 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-09-25 23:47:41 +01:00
Avihay Eldad	9b1a98794b	Update Wmic.yml (#355 )	2024-09-15 17:31:17 +01:00
Ekitji	9ee5548623	Updates in Stordiag.exe (#394 )	2024-09-10 13:31:38 +01:00
p4yl0ad	cfd827fe6d	Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392 )	2024-09-07 15:07:46 +01:00
deadjakk	61bff01584	Odbcconf.yml - Corrected incorrect privileges (#396 )	2024-09-07 15:01:46 +01:00
unrooted	659a0240e8	Update Winget.yml (#384 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-08-17 23:52:52 +01:00
TAbdiukov	5b12df2b93	Makecab - LOLBAS command, more information about Windows compatibility (#389 ) --------- Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-08-17 22:16:07 +01:00
TAbdiukov	5826e4d415	Adding more operating systems to extrac32.exe (#387 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-08-17 22:10:48 +01:00
TAbdiukov	e09cf1066f	Add Diantz directives/DDF entry to diantz.exe (#390 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-08-17 22:02:55 +01:00
Avihay Eldad	74ffaa534f	Add Ngen.exe (#357 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-07-15 20:59:23 +01:00
Dr. Gerald Yaya	5d80e48159	Correct Winget.yml Spelling (#379 ) Corrected some spelling mistakes in the "Privileges" node of Winget.yml	2024-06-03 17:52:55 +01:00
Borja	2185ade1f2	Update Msiexec.yml (#369 )	2024-05-22 18:59:51 +01:00
Mozhar Alhosni	91a3e80d8f	Update Csc.yml (#376 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-05-22 18:55:40 +01:00
Lino	5d7ec48f4f	Update Msiexec.yml (#377 ) Fixed spelling	2024-05-20 16:49:27 -04:00
Wietze	2cc0ee99e6	Applying MITRE ATT&CK v15 changes (#370 ) https://attack.mitre.org/resources/updates/updates-april-2024/	2024-04-24 15:10:59 +01:00
$frack113$ frack113	2cc01b0113	Add Detection Sigma ref (#368 )	2024-04-19 18:53:37 +01:00
irEasty	fc23c999e6	Create wbadmin (#364 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-04-05 19:38:21 +01:00
Wietze	ebbf08ec4d	Adding tags (closes #9 , #318 ) (#362 ) * Adding various tags as a first iteration * Adding quotes * Adding 'Custom Format' properly * Updating to key:value pairs * Update template	2024-04-03 11:53:36 -04:00
Avesta	33b9574d04	Update Tar.yml (#310 ) Co-authored-by: Wietze <wietze@users.noreply.github.com>	2024-03-31 14:00:57 +01:00
Axel Boesenach	3aa721515b	Fix typo in /z command parameter (#360 )	2024-03-23 11:13:30 +00:00
j00c3	23bf33c7c4	Update MITRE T1185 to T1105 (#345 )	2024-02-17 17:30:52 +00:00
Bjarne	ce53e1376a	Moved text to correct line (#349 ) Moved "and show response in terminal" from `Command` to `Description`	2024-02-17 17:14:08 +00:00
Lino	bba87a6c2a	TypoFix: Addinutil.yml (#342 ) Small typo fix: serliaized -> serialized	2024-02-13 13:37:40 +00:00
Wietze	80267d91dd	Adding GitHub Actions workflow test for duplicate filenames (#340 ) * Adding GitHub Actions workflow test for duplicate filenames * Adding generic error message * Deduping fsutil.exe and teams.exe	2023-11-07 20:55:24 -05:00
Grzegorz Tworek	5b4d6d604c	Create Fsutil.yml (#339 )	2023-11-06 15:01:59 +01:00
pfiatde	ee78111254	Update Msiexec.yml (#333 ) * Update Msiexec.yml Added transform file execution * Update Msiexec.yml	2023-11-06 13:47:04 +01:00
Wietze	760151b598	Fixing yml files with .yaml extension (#338 )	2023-10-19 17:17:15 +01:00
$frack113$ frack113	4f83231697	Update old sigma link (#303 ) * Update SigmaHQ ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHQ ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHq ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> * Update SigmaHq ref Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com> --------- Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-10-18 11:30:34 -04:00
Onat Uzunyayla	7aba6fb550	Create vstest.console.exe (#322 ) * vstest.console.exe awl bypass * Create testwindowremoteagent.yaml Data Exfiltration with TestWindowRemoteAgent.exe is added * Create vstest.yaml In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll * Delete testwindowremoteagent.yaml * Update vstest.yaml A new description added	2023-10-18 11:28:04 -04:00
SILJAEUROPA	fa3b5ed33c	added addinutil lolbas binary (#335 ) * added addinutil lolbas binary * updated format for lint * EOF LF	2023-10-09 09:05:57 +02:00
Manas Bellani	d6e4fb07d5	Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199 ) Everything looks good, confirmed working on Windows 10 & 11, merging changes: * Added 'Execute' lolbas for iediagcmd.exe * Added missing fields from the template * Update Iediagcmd.yml Made corrections * Update Iediagcmd.yml Removing trailing spaces * Update Iediagcmd.yml removing empty fields * Minor changes * Update Iediagcmd.yml Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing. * Adding Windows 11 support --------- Co-authored-by: Conor Richard <xenos@xenos-1.net> Co-authored-by: Wietze <wietze@users.noreply.github.com>	2023-10-04 09:47:18 -04:00
securepeacock	fd9fae8321	Added Sigma to Teams.exe (#329 )	2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez	a493c20989	Merge pull request #320 from mertdas/master Create msedge_proxy.yml	2023-09-05 13:26:30 -04:00
Mert Daş	e75e99f1cf	Update msedge_proxy.yml	2023-09-05 18:47:05 +03:00
Mert Daş	e585183dcd	Update msedge_proxy.yml	2023-09-05 18:45:00 +03:00
Mert Daş	69976b4880	Update msedge_proxy.yml	2023-09-05 18:41:36 +03:00

1 2 3 4 5 ...

380 Commits