Commit Graph

135 Commits

Author SHA1 Message Date
onatuzunyayla
c65c9545f5 Create testwindowremoteagent.yaml
This one is pretty straightforward and related to vstest, so I pushed the commit for this pull request. TestWindowRemoteAgent.exe is a signed DLL that can be utilized as a gadget for data exfiltration since it tries to connect to any host.
2023-08-25 15:49:14 +03:00
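As an added example (not code from the LOLBAS project or from this commit), a small detection check that acts on the point made in the commit message: the binary will initiate a connection to any host, so the useful signal is an outbound connection initiated by TestWindowRemoteAgent.exe to a destination outside the networks where a remote test agent is expected. The field names follow Sysmon Event ID 3 (network connection) conventions (Image, DestinationIp, DestinationPort, Initiated); the sample records, file paths and the internal-network allowlist are constructed for illustration and are assumptions, not real telemetry or a project policy.

```python
import ipaddress

# Constructed Sysmon Event ID 3-style records, reduced to the fields used here.
# Paths and addresses are made up for the example.
SAMPLE_EVENTS = [
    # Agent talking to an internal test host: expected, not flagged.
    {"Image": r"C:\VS\Common7\IDE\TestWindowRemoteAgent.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 443, "Initiated": True},
    # Agent connecting out to a public address: flagged.
    {"Image": r"C:\VS\Common7\IDE\TestWindowRemoteAgent.exe",
     "DestinationIp": "203.0.113.44", "DestinationPort": 8080, "Initiated": True},
    # Different process, same destination: not this rule's concern.
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.44", "DestinationPort": 443, "Initiated": True},
    # Signed binary copied to a user directory and used against a public host: flagged.
    {"Image": r"C:\Users\alice\Downloads\TestWindowRemoteAgent.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": 4444, "Initiated": True},
    # Inbound (not initiated by the agent): ignored.
    {"Image": r"C:\VS\Common7\IDE\TestWindowRemoteAgent.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": 4444, "Initiated": False},
]

# Assumed allowlist: networks where a remote test agent is legitimately expected
# to connect. This is an organisational assumption, not a LOLBAS value.
ALLOWED_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def is_test_window_remote_agent(image: str) -> bool:
    """Match on the file name only: the signed binary may be copied anywhere."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "testwindowremoteagent.exe"


def flag_suspicious_connections(events, allowed_nets=ALLOWED_NETS):
    """Return the events where TestWindowRemoteAgent.exe initiated a connection
    to a destination outside the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    hits = []
    for ev in events:
        if not ev.get("Initiated", False):
            continue  # only outbound connections the agent opened itself
        if not is_test_window_remote_agent(ev.get("Image", "")):
            continue
        dst = ipaddress.ip_address(ev["DestinationIp"])
        if any(dst in net for net in nets):
            continue  # destination is where a test agent is expected to talk
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in flag_suspicious_connections(SAMPLE_EVENTS):
        print(f"suspicious: {hit['Image']} -> {hit['DestinationIp']}:{hit['DestinationPort']}")
```

Matching on the file name rather than the install path is deliberate: because the binary is signed, an attacker can carry it to any directory and it will still run, so a path-anchored rule misses the second flagged case above. Pairing this with the Sigma references the later commits add gives both a shareable rule and a quick script for triage.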
Ronnie Salomonsen
4ffdf0ec0b Updated msxsl.yml to include a download and ADS category (#276) 2023-08-05 18:04:09 +01:00
Bobby Cooke
fe64c63211 VSDiagnostics Execute lolbin (#309)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 17:18:48 +01:00
Vikas Singh
fa3f6bbc0c Update Dxcap.yml (#296)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-27 13:42:47 +01:00
Ryan Plas
62ed936a39 Add missing document starts and add yamllint rule (#305) 2023-06-23 20:55:39 +01:00
frack113
e8ea28d4e9 Update SigmaHQ ref (#301)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-19 22:40:24 +01:00
C-h4ck-0
8aca00a56b Update ProtocolHandler.yml (#267)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 22:18:06 +01:00
frack113
e08b10f437 Fix sigmaHQ ref (#300)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:29:07 +01:00
frack113
55b7556b64 Add Sigma ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-10 08:12:12 +02:00
mrd0x
787c87470e Several LOLBINs additions & modifications (#192)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-31 13:46:21 +01:00
YamAlon
8283b4b7e3 Added fsi to dotnet.exe (#281)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 20:10:45 +00:00
bohops
cd16f0aff3 Add vsls-agent lolbin and committing a few other changes (#263)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 18:47:44 +00:00
frack113
1072d3dc34 Add sigma ref Detection (#272)
* Add sigma ref

* Add missing sigma ref

* Fix sigma link

* Remove by Defender

* Remove by Defender
2022-12-29 09:51:15 -05:00
securepeacock
8ff159abb7 Update Wfc.yml with Sigma (#223)
* Update Wfc.yml

* Update acknowledgement

* Update Wfc.yml

* fix line feed issue after conflict

Co-authored-by: bohops <bohops>
2022-12-29 00:22:39 -05:00
securepeacock
41f5d6f33b Update VisualUiaVerifyNative.yml with Sigma (#224)
* Update VisualUiaVerifyNative.yml

* Update acknowledgement

* Update VisualUiaVerifyNative.yml

* fix line feed issue after conflict

* fix line feed issue after conflict

* fix line feed issue after conflict

* fix line feed issue after conflict

Co-authored-by: bohops <bohops>
2022-12-29 00:15:31 -05:00
securepeacock
1833ddd391 Update FsiAnyCpu.yml with Sigma (#225)
* Update FsiAnyCpu.yml

* Update acknowledgement

* Update FsiAnyCpu.yml

* fix line feed issue after conflict

Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 23:50:51 -05:00
securepeacock
8d35738a1f Update Fsi.yml with Sigma (#226)
* Update Fsi.yml

* Update acknowledgement

* Remove newline

* resolving unix lf issue with fsi

* resolving unix lf issue with fsi

* resolving fsi issue

Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 23:41:27 -05:00
securepeacock
c19a2e3cf8 Update Remote.yml with Sigma (#227)
* Update Remote.yml

* Update acknowledgement

Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 21:24:57 -05:00
Nasreddine Bencherchali
0d7efb8ead Adding and updating various LOLBINS (#229)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-11-11 16:42:44 +00:00
Wietze
a0556744d1 Merge branch 'master' into windows_11_sprint 2022-10-04 15:45:57 +01:00
Daniel Santos
4217d0f8ca Adding .NET Core binary createdump.exe (#240)
Co-authored-by: Daniel Santos <vovohelo@gmail.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 13:23:10 +01:00
securepeacock
461fbaf787 Update Powerpnt.yml with Sigma (#222)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 12:36:49 +01:00
Wietze
76acca6f2b Merge branch 'master' into windows_11_sprint 2022-10-04 12:31:31 +01:00
C-h4ck-0
ea68ad824d Adding 3 Microsoft Office-based downloaders (#238)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 12:13:56 +01:00
Wietze
67e1040172 Merge remote-tracking branch 'upstream/master' into windows_11_sprint 2022-10-03 16:18:57 +01:00
Filipe Spencer
d780de4ece Prep for new yamllint 2022-09-16 11:29:26 +00:00
Conor Richard
3347e43b3f Merge branch 'master' into alias_introduction 2022-09-15 13:54:50 -04:00
xenoscr
2c3653f0c4 Fixing more file formatting issues. 2022-09-11 01:36:14 -04:00
xenoscr
654cdd2d61 Fixing file formatting. 2022-09-11 01:33:36 -04:00
xenoscr
6e253a7a38 Adding missing OperatingSystem values. 2022-09-11 00:22:36 -04:00
xenoscr
68e5795aec Fixing Acknowledgement values. 2022-09-11 00:20:05 -04:00
xenoscr
aa1e1ea2be Adding no default paths to pass schema validations 2022-09-11 00:16:59 -04:00
xenoscr
c933426c1a Adding missing Path value. 2022-09-11 00:03:30 -04:00
xenoscr
1bd305e3a3 Adding missing Usecase values. 2022-09-10 23:53:21 -04:00
xenoscr
0ed1694bf1 Correcting 'AWL bypass' to 'AWL Bypass' 2022-09-10 22:55:32 -04:00
xenoscr
ce36f924fc Removing extra --- from each yaml file 2022-09-10 22:16:47 -04:00
fslds
3162825fdc Split procdump name pattern into two actual names. 2022-08-08 20:27:04 +00:00
Wietze
7797a1967c Merge branch 'master' into windows_11_sprint 2022-05-24 08:38:50 +01:00
ManuelBerrueta
68b772a567 Updated yml/OtherMSBinaries/Sqlps.yml, used recently in a campaign shared by Microsoft Security Intelligence. Would be useful reference for Red Teamers/Offensive Security Engineers as well as Blue Teamers/Defenders who reference this open source project/library. 2022-05-19 07:12:37 -07:00
bohops
3571a7ad88 Create AccCheckConsole.yml (#187) 2022-05-15 21:55:16 +01:00
mrd0x
7c2f3231d3 Adding Dump64.exe (#182)
Co-authored-by: mrd0x <mrd0x@example.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-05-15 21:21:45 +01:00
Wietze
e4261b1f02 Fixing typo 2022-04-26 16:59:14 +01:00
Wietze
085aaa37b1 Adding more missed-out entries 2021-12-15 11:50:18 +00:00
Wietze
39d4e815af Minor formatting changes (redundant backslashes, incorrect dates, typos, etc.) 2021-12-14 14:57:32 +00:00
bohops
23dd0236ae Detection Resources and Other Updates (#179)
* Add detection links for scripts

* Add detection links for OtherMSBins. Fixed and updated as needed.

* Add detection links for MSBins. Fixed and updated as needed.

* Add detection links for oslibraries

* Updating template for Detections

* Removing empty Detection:Sigma entries

* Remove redundant blank line

* Replacing commit URL with file URL

Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2021-11-15 08:19:03 -05:00
akshat pradhan
2031916b1a ATT&CK realignment, typo fixes (#178)
* Corrected Mitre TID for pnputil
* Fixed Command misspellings
2021-11-14 17:27:17 +00:00
Wietze
2380c506d4 LSASS realign to T1003.001 2021-11-05 20:35:58 +00:00
Wietze
df8c88f4ca Remapping NTDS entries to T1003.003 2021-11-05 20:32:44 +00:00
Wietze
2577066af9 More changes (mainly changing generic T1218 to dev-specific T1127) 2021-11-05 20:06:57 +00:00
Wietze
4f7ec8d2af MITRE ATT&CK realignment sprint 2021-11-05 18:58:26 +00:00