hegusung
5210291b3c
Update Iediagcmd.yml Tags
...
Added Tags
Execute EXE
Input Fixed Format
2024-10-13 13:29:36 +02:00
hegusung
0a8785481d
Update Ie4uinit.yml
...
Added Tags:
Execute INF
Input: Fixed Format
2024-10-13 13:26:30 +02:00
hegusung
bbe0681a9a
Update Hh.yml Tags and Added command
...
Added the command to execute remote CHM files
Added Tags
2024-10-13 13:24:23 +02:00
hegusung
4e60ead5f7
Update Gpscript.yml Tags
...
Added Tags:
- Execute CMD
- Input Fixed Format
2024-10-13 13:15:50 +02:00
hegusung
eb06fb5266
Update Ftp.yml Tags
...
Added Tags:
- Execute CMD
- Input Custom Format
2024-10-13 13:13:21 +02:00
hegusung
d8c1def350
Update Fsutil.yml Tags
...
Added Tags:
Execute: EXE
Input: Fixed Format
2024-10-13 13:12:20 +02:00
hegusung
3db62fffdc
Update Forfiles.yml Tags
...
Added Tags:
- Execute EXE
- Input: Custom Format
2024-10-13 13:11:05 +02:00
hegusung
44a2e0c6e1
Update Extexport.yml Tags
...
Added Tags:
- Input CustomFormat
2024-10-13 13:08:11 +02:00
hegusung
ec76e9e49f
Update Explorer.yml Tags
...
Added Tags:
- Execute EXE
- Input: Custom Format
2024-10-13 13:07:06 +02:00
hegusung
524ef32173
Update Dnscmd.yml Tags
...
Added Tags:
- Execution: Remote
- Input: Custom Format
2024-10-13 13:05:06 +02:00
hegusung
0c36af16d5
Update Diskshadow.yml Tags
...
Added Tags:
- Execute CMD
- Input CustomFormat
2024-10-13 13:03:33 +02:00
hegusung
daee90f6cd
Update Dfsvc.yml Tags
...
Added Tags:
- Execute ClickOnce
- Execute Remote
- Input Custom Format
2024-10-13 12:37:51 +02:00
hegusung
7642b8cd86
Update CustomShellHost.yml Tags
...
Added Tags:
- Execute EXE
- Input Fixed Format
2024-10-13 12:35:23 +02:00
hegusung
20ff06dd26
Update Cscript.yml Tags
...
Added Input tag
2024-10-13 12:33:41 +02:00
hegusung
2bf4516881
Update Control.yml
...
Added Execution section to Control.exe
Added tags:
- Input Custom Format
2024-10-13 12:26:15 +02:00
hegusung
bb484e278e
Update Conhost.yml
...
Execute and Input Tags added
2024-10-13 12:19:14 +02:00
hegusung
6546853446
Update Cmstp.yml
...
Tags:
Changed Input: INF to Execute INF for consistency
Input: Custom Format added
2024-10-13 12:16:28 +02:00
hegusung
3123301802
Update Certoc.yml
...
Added Tags:
- Input: CustomFormat
2024-10-13 12:06:18 +02:00
hegusung
6d4ac1c680
Update Bash.yml
...
Added tags:
- Execute: CMD
- Input: Custom format
2024-10-13 12:02:27 +02:00
hegusung
a199ff5deb
Update Atbroker.yml
...
Added the following tags:
- Execute: EXE
- Input: Custom Format
2024-10-13 11:59:14 +02:00
hegusung
58d2f4c79c
Update At.yml
...
Added tags
- Execute: EXE
- Input: Custom Format
2024-10-13 11:55:20 +02:00
hegusung
e5731033b2
Update Addinutil.yml
...
Tags added:
- .NetObjects
- Fixed Format
2024-10-13 11:50:14 +02:00
hegusung
56ad2e7593
Update Installutil.yml
...
Changed tags Execute DLL to Execute .NetDLL
Added Execute: .NetEXE tag
2024-10-13 11:11:44 +02:00
Wietze
39a7120d40
Adding Windows file path validation for values of File_Path ( #403 )
2024-10-01 23:14:19 +01:00
Eron Clarke
50e17c089a
Add ComputerDefaults.yml ( #400 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-09-25 23:47:41 +01:00
Avihay Eldad
9b1a98794b
Update Wmic.yml ( #355 )
2024-09-15 17:31:17 +01:00
Ekitji
9ee5548623
Updates in Stordiag.exe ( #394 )
2024-09-10 13:31:38 +01:00
p4yl0ad
cfd827fe6d
Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml ( #392 )
2024-09-07 15:07:46 +01:00
deadjakk
61bff01584
Odbcconf.yml - Corrected incorrect privileges ( #396 )
2024-09-07 15:01:46 +01:00
unrooted
659a0240e8
Update Winget.yml ( #384 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 23:52:52 +01:00
TAbdiukov
5b12df2b93
Makecab - LOLBAS command, more information about Windows compatibility ( #389 )
...
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415
Adding more operating systems to extrac32.exe ( #387 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f
Add Diantz directives/DDF entry to diantz.exe ( #390 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:02:55 +01:00
Avihay Eldad
74ffaa534f
Add Ngen.exe ( #357 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-07-15 20:59:23 +01:00
Dr. Gerald Yaya
5d80e48159
Correct Winget.yml Spelling ( #379 )
...
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
2024-06-03 17:52:55 +01:00
Borja
2185ade1f2
Update Msiexec.yml ( #369 )
2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f
Update Csc.yml ( #376 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f
Update Msiexec.yml ( #377 )
...
Fixed spelling
2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6
Applying MITRE ATT&CK v15 changes ( #370 )
...
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
frack113
2cc01b0113
Add Detection Sigma ref ( #368 )
2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6
Create wbadmin ( #364 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:38:21 +01:00
Wietze
ebbf08ec4d
Adding tags ( closes #9 , #318 ) ( #362 )
...
* Adding various tags as a first iteration
* Adding quotes
* Adding 'Custom Format' properly
* Updating to key:value pairs
* Update template
2024-04-03 11:53:36 -04:00
Avesta
33b9574d04
Update Tar.yml ( #310 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 14:00:57 +01:00
Axel Boesenach
3aa721515b
Fix typo in /z command parameter ( #360 )
2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 ( #345 )
2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line ( #349 )
...
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml ( #342 )
...
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames ( #340 )
...
* Adding GitHub Actions workflow test for duplicate filenames
* Adding generic error message
* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml ( #339 )
2023-11-06 15:01:59 +01:00
pfiatde
ee78111254
Update Msiexec.yml ( #333 )
...
* Update Msiexec.yml
Added transform file execution
* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension ( #338 )
2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link ( #303 )
...
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHq ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe ( #322 )
...
* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an EXE or DLL.
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added
2023-10-18 11:28:04 -04:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary ( #335 )
...
* added addinutil lolbas binary
* updated format for lint
* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn ( #199 )
...
Everything looks good, confirmed working on Windows 10 & 11, merging changes:
* Added 'Execute' lolbas for iediagcmd.exe
* Added missing fields from the template
* Update Iediagcmd.yml
Made corrections
* Update Iediagcmd.yml
Removing trailing spaces
* Update Iediagcmd.yml
removing empty fields
* Minor changes
* Update Iediagcmd.yml
Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
* Adding Windows 11 support
---------
Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
securepeacock
fd9fae8321
Added Sigma to Teams.exe ( #329 )
2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989
Merge pull request #320 from mertdas/master
...
Create msedge_proxy.yml
2023-09-05 13:26:30 -04:00
Mert Daş
e75e99f1cf
Update msedge_proxy.yml
2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd
Update msedge_proxy.yml
2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880
Update msedge_proxy.yml
2023-09-05 18:41:36 +03:00
Mert Daş
fee20a0813
Update msedge_proxy.yml
2023-09-05 18:39:16 +03:00
Mert Daş
7da6f3216d
Update msedge_proxy.yml
2023-09-05 18:37:14 +03:00
Mert Daş
e2c58fcf31
Update msedge_proxy.yml
2023-09-03 22:28:00 +03:00
Mert Daş
d5f153b84b
Update msedge_proxy.yml
2023-09-03 22:23:40 +03:00
Mert Daş
f8743a4109
Update msedge_proxy.yml
2023-09-03 22:17:14 +03:00
Mert Daş
994aa792f0
Update msedge_proxy.yml
2023-09-03 22:11:01 +03:00
Mert Daş
247511bca8
Update msedge_proxy.yml
2023-09-03 21:51:32 +03:00
Mert Daş
a0874f2bb7
Update msedge_proxy.yml
2023-09-03 21:48:05 +03:00
Mert Daş
53f8fbe19b
Update msedge_proxy.yml
2023-09-03 21:44:41 +03:00
frack113
50c481795b
Add SigmaHQ ref
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-09-03 15:06:34 +02:00
Mert Daş
9d79fab230
Update msedge_proxy.yml
2023-08-25 21:24:58 +03:00
Mert Daş
0f3b483ae1
Update msedge_proxy.yml
2023-08-25 21:23:41 +03:00
Mert Daş
f4acc01906
Update msedge_proxy.yml
2023-08-18 17:47:17 +03:00
Mert Daş
68629128a3
Update msedge_proxy.yml
2023-08-18 17:44:23 +03:00
Mert Daş
b14ad21ff9
Create msedge_proxy.yml
2023-08-18 17:17:49 +03:00
Elliot Killick
65007296a6
Update Cmdl32.exe resource links ( #317 )
2023-08-04 11:21:36 +01:00
Wietze
b50df49ac2
Added colorcpl.exe ( #315 )
...
Co-authored-by: Arjan Onwezen <arjan.onwezen@gmail.com>
2023-07-27 18:18:49 +01:00
Grzegorz Tworek
7241a8b7fd
Create Provlaunch.yml ( #307 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-07-25 16:16:39 +01:00
Ryan Plas
62ed936a39
Add missing document starts and add yamllint rule ( #305 )
2023-06-23 20:55:39 +01:00
frack113
e8ea28d4e9
Update SigmaHQ ref ( #301 )
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-19 22:40:24 +01:00
CyberSorcery
c3f2690633
Tar.exe lateral movement ( #277 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 22:25:34 +01:00
Black Shade
d71415de77
Create msedgewebview2.exe ( #299 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 21:56:16 +01:00
frack113
b52200eb89
Add sigma and remove empty string ( #297 )
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:30:00 +01:00
Jose Enrique Hernandez
f5a3812c91
Merge pull request #295 from frack113/sigma_20230610
...
Add missing Sigma ref
2023-06-11 22:10:04 -04:00
frack113
55b7556b64
Add Sigma ref
...
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-10 08:12:12 +02:00
mr.d0x
ef8048344d
Update msedge.exe & add teams.exe
2023-05-27 12:11:05 -04:00
biscoito
1f7e8a3e57
Remove unnecessary "at" on command ( #286 )
2023-05-01 23:36:38 +01:00
mrd0x
787c87470e
Several LOLBINs additions & modifications ( #192 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-31 13:46:21 +01:00
Wietze
a9046ecb85
Fixing newline in odbcconf entry
2023-03-25 16:21:34 +00:00
Wietze
06f33c91ae
Updating odbcconf, fixes #282 - thanks @hexacorn ( #283 )
2023-03-25 16:14:04 +00:00
Mr. 0range
2b7fdcac03
Adding WebDav techniques to cmd.exe entry ( #273 )
...
Added the documentation for the type command file transfer, ADS, and copy functionality
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-08 14:39:32 +00:00
Wietze
74d010a893
Removing pre-Windows 10 OSs from CertReq entry, fixes #247
2023-02-25 19:19:22 +00:00
bohops
cd16f0aff3
Add vsls-agent lolbin and committing a few other changes ( #263 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 18:47:44 +00:00
febou92
ded90467a8
Create Ssh.yml ( #211 )
...
* Create Ssh.yml
* newline ymlint
Co-authored-by: bohops <bohops>
2022-12-29 19:45:09 -05:00
frack113
1072d3dc34
Add sigma ref Detection ( #272 )
...
* Add sigma ref
* Add missing sigma ref
* Fix sigma link
* Remove by Defender
* Remove by Defender
2022-12-29 09:51:15 -05:00
Grzegorz Tworek
ec676cbd93
Create Runexehelper.yml ( #269 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-12-17 17:30:30 +00:00
Michał Kucharski
8452c1ca96
Update eventvwr.yml with Execute part ( #252 )
...
* Update eventvwr.yml with Execute part
All things added based on https://twitter.com/orange_8361/status/1518970259868626944 and my re-tests.
* Update Eventvwr.yml
As asked by @bohops
* Update Eventvwr.yml
2022-11-13 14:56:32 -05:00
Nasreddine Bencherchali
0d7efb8ead
Adding and updating various LOLBINS ( #229 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-11-11 16:42:44 +00:00
Grzegorz Tworek
1587eeaf6c
Create Setres.yml ( #262 )
...
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-26 11:15:13 +01:00
Wietze
c20f388444
Fixing minor error in description of Explorer, closes #257
2022-10-26 09:14:27 +01:00