public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-10-31 16:49:36 +01:00
Code Issues Projects Releases Wiki Activity
792 Commits 4 Branches 0 Tags
8cc231328f4755ac8d4c8c7184702c79b89d04dd
Commit Graph

617 Commits

Author SHA1 Message Date
Tonmoy Jitu
8cc231328f Fix formatting issues 2024-11-25 20:17:04 +11:00
Tonmoy Jitu
0986609c4b Added new technique: wevtutil.exe 2024-11-25 20:01:51 +11:00
SecurityAura
baaa5bbc73 Update Runscripthelper.yml (#407) 2024-11-10 17:31:41 +00:00
Wietze
f69b8abae1 Removing empty resource sections 2024-10-02 01:55:22 +01:00
Wietze
7e171658dd Remove broken imgur link 2024-10-02 01:20:22 +01:00
Wietze
55d84345ac Adding <version> placeholder to Vshadow 2024-10-01 23:45:18 +01:00
Wietze
39a7120d40 Adding Windows file path validation for values of File_Path (#403) 2024-10-01 23:14:19 +01:00
Avihay Eldad
d8402e6651 Add VSLaunchBrowser.yml (#367) 2024-10-01 22:37:11 +01:00
Eron Clarke
50e17c089a Add ComputerDefaults.yml (#400) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-09-25 23:47:41 +01:00
Avihay Eldad
9b1a98794b Update Wmic.yml (#355) 2024-09-15 17:31:17 +01:00
Ekitji
9ee5548623 Updates in Stordiag.exe (#394) 2024-09-10 13:31:38 +01:00
Avihay Eldad
bfa71cc57e Add DTUtil.yml (#382) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-09-07 15:16:04 +01:00
p4yl0ad
cfd827fe6d Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392) 2024-09-07 15:07:46 +01:00
deadjakk
61bff01584 Odbcconf.yml - Corrected incorrect privileges (#396) 2024-09-07 15:01:46 +01:00
unrooted
659a0240e8 Update Winget.yml (#384) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 23:52:52 +01:00
Avihay Eldad
d5d11f47a1 Add Xsd.yml (#366) 2024-08-17 22:18:59 +01:00
TAbdiukov
5b12df2b93 Makecab - LOLBAS command, more information about Windows compatibility (#389) 
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415 Adding more operating systems to extrac32.exe (#387) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f Add Diantz directives/DDF entry to diantz.exe (#390) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-08-17 22:02:55 +01:00
Avihay Eldad
74ffaa534f Add Ngen.exe (#357) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-07-15 20:59:23 +01:00
Avihay Eldad
da4f6e5407 Update Msdeploy.yml and add copy utility (#354) 2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f fix parameter typo for squirrel.exe (#383) 2024-07-12 18:49:30 +01:00
unrooted
03b527b105 Update wsl.exe description (#378) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e Add Visio.exe as a downloader (#356) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-06-05 23:50:25 +01:00
bohops
622aaeed54 Add Powershell.exe to Honorable Mentions (#363) 2024-06-05 23:17:34 +01:00
Dr. Gerald Yaya
5d80e48159 Correct Winget.yml Spelling (#379) 
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
 2024-06-03 17:52:55 +01:00
Avihay Eldad
78fa7b550e Add Winfile.yml (#374) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-05-23 00:02:56 +01:00
Borja
2185ade1f2 Update Msiexec.yml (#369) 2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f Update Csc.yml (#376) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f Update Msiexec.yml (#377) 
Fixed spelling
 2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6 Applying MITRE ATT&CK v15 changes (#370) 
https://attack.mitre.org/resources/updates/updates-april-2024/
 2024-04-24 15:10:59 +01:00
frack113
2cc01b0113 Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6 Create wbadmin (#364) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:38:21 +01:00
Avihay Eldad
aea7bd082d Add Winproj.exe as a downloader (#351) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca Add MSAccess as a new downloader (#288) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d Adding tags (closes #9, #318) (#362) 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
 2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be Create Appcert.yml (#361) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 18:56:11 +01:00
Avesta
33b9574d04 Update Tar.yml (#310) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 14:00:57 +01:00
Avihay Eldad
65e05aa4d6 Update Te.yml (#359) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2024-03-31 13:43:00 +01:00
Axel Boesenach
3aa721515b Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4 Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a Moved text to correct line (#349) 
Moved "and show response in terminal" from `Command` to `Description`
 2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a TypoFix: Addinutil.yml (#342) 
Small typo fix:
serliaized -> serialized
 2024-02-13 13:37:40 +00:00
Wietze
80267d91dd Adding GitHub Actions workflow test for duplicate filenames (#340) 
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
 2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
pfiatde
ee78111254 Update Msiexec.yml (#333) 
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
 2023-11-06 13:47:04 +01:00
Wietze
760151b598 Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697 Update old sigma link (#303) 
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550 Create vstest.console.exe (#322) 
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
 2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd DevTunnels - Other MS Binary for Data Exfiltration (#327) 
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Priviliges
 2023-10-15 00:05:54 +02:00