public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-02 08:25:55 +02:00
Code Issues Projects Releases Wiki Activity
809 Commits 4 Branches 0 Tags
Commit Graph

380 Commits

Author SHA1 Message Date
TimOne
803118bda7
Add resources link (#442) 
Add the LOLBAS series to help Blue Team personnel learn how to detect this technology through their browsers.
 2025-06-26 22:56:39 -04:00
Fred Cyber Security
ea4d2a87b0
Update Winget.yml (#436) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-06-01 13:15:55 +01:00
Fred Cyber Security
d6e3d7016d
Update Mmc.yml (#437) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-06-01 13:04:47 +01:00
LocalLoopBack
d5ce81d2c8
Update Certutil.yml with new flag and update previous flag (#402) 2025-05-26 21:16:10 +01:00
Swachchhanda Shrawan Poudel
387546895e
feat: Indirect Command Execution via sftp.exe (#434) 
* feat: Indirect Command Execution via sftp.exe

* Minor changes

* Improved description

* Update Sftp.yml

---------

Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-05-26 18:03:15 +01:00
iamtutu
f8b06c611f
Added Cipher (#410) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-04-26 20:42:34 +01:00
saulpanders
18b1648e97
Added wbemtest.exe (#430) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2025-04-26 20:27:13 +01:00
Wietze
e15a9c3e27
Updates for ATT&CK v17 2025-04-26 20:23:10 +01:00
Jeff McJunkin
afee674ff0
Update Cmdkey.yml: Swap to archive.org for expired link (#429) 2025-04-16 09:16:45 +01:00
Wietze
a79893e7ad
Generalising file paths and urls, see #10 (#422) 2025-01-28 11:15:01 +00:00
ciwen3
e62749f81a
Adding file paths (#416) 2025-01-14 15:12:42 +00:00
hegusung
b9a6cd6a87
Adding Execute tags to most LOLBas (#405) 2024-12-29 17:31:01 +00:00
SecurityAura
baaa5bbc73
Update Runscripthelper.yml (#407) 2024-11-10 17:31:41 +00:00
Wietze
39a7120d40
Adding Windows file path validation for values of File_Path (#403) 2024-10-01 23:14:19 +01:00
Eron Clarke
50e17c089a
Add ComputerDefaults.yml (#400) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-09-25 23:47:41 +01:00
Avihay Eldad
9b1a98794b
Update Wmic.yml (#355) 2024-09-15 17:31:17 +01:00
Ekitji
9ee5548623
Updates in Stordiag.exe (#394) 2024-09-10 13:31:38 +01:00
p4yl0ad
cfd827fe6d
Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392) 2024-09-07 15:07:46 +01:00
deadjakk
61bff01584
Odbcconf.yml - Corrected incorrect privileges (#396) 2024-09-07 15:01:46 +01:00
unrooted
659a0240e8
Update Winget.yml (#384) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 23:52:52 +01:00
TAbdiukov
5b12df2b93
Makecab - LOLBAS command, more information about Windows compatibility (#389) 
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415
Adding more operating systems to extrac32.exe (#387) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f
Add Diantz directives/DDF entry to diantz.exe (#390) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:02:55 +01:00
Avihay Eldad
74ffaa534f
Add Ngen.exe (#357) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-07-15 20:59:23 +01:00
Dr. Gerald Yaya
5d80e48159
Correct Winget.yml Spelling (#379) 
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
 2024-06-03 17:52:55 +01:00
Borja
2185ade1f2
Update Msiexec.yml (#369) 2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f
Update Csc.yml (#376) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f
Update Msiexec.yml (#377) 
Fixed spelling
 2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6
Applying MITRE ATT&CK v15 changes (#370) 
https://attack.mitre.org/resources/updates/updates-april-2024/
 2024-04-24 15:10:59 +01:00
frack113
2cc01b0113
Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6
Create wbadmin (#364) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:38:21 +01:00
Wietze
ebbf08ec4d
Adding tags (closes #9, #318) (#362) 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
 2024-04-03 11:53:36 -04:00
Avesta
33b9574d04
Update Tar.yml (#310) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 14:00:57 +01:00
Axel Boesenach
3aa721515b
Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line (#349) 
Moved "and show response in terminal" from `Command` to `Description`
 2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml (#342) 
Small typo fix:
serliaized -> serialized
 2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames (#340) 
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
 2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
pfiatde
ee78111254
Update Msiexec.yml (#333) 
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
 2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link (#303) 
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe (#322) 
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
 2023-10-18 11:28:04 -04:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary (#335) 
* added addinutil lolbas binary

* updated format for lint

* EOF LF
 2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199) 
Everything looks good, confirmed working on Windows 10 & 11, merging changes:

* Added 'Execute' lolbas for iediagcmd.exe

* Added missing fields from the template

* Update Iediagcmd.yml

Made corrections

* Update Iediagcmd.yml

Removing trailing spaces

* Update Iediagcmd.yml

removing empty fields

* Minor changes

* Update Iediagcmd.yml

Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.

* Adding Windows 11 support

---------

Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-10-04 09:47:18 -04:00
securepeacock
fd9fae8321
Added Sigma to Teams.exe (#329) 2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989
Merge pull request #320 from mertdas/master 
Create msedge_proxy.yml
 2023-09-05 13:26:30 -04:00
Mert Daş
e75e99f1cf
Update msedge_proxy.yml 2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd
Update msedge_proxy.yml 2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880
Update msedge_proxy.yml 2023-09-05 18:41:36 +03:00