public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 10:39:56 +01:00
Code Issues Projects Releases Wiki Activity
319 Commits 4 Branches 0 Tags
d539a7dacd33bdcb7bde8056dedcb5f86ceab4de
Commit Graph

143 Commits

Author SHA1 Message Date
Oddvar Moe
7c1a4a7959 Merge pull request #125 from wokis/master 
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
 2021-01-21 22:58:24 +01:00
Oddvar Moe
b79a48f082 Fixed Category on pnputil 2021-01-21 22:54:58 +01:00
Oddvar Moe
2406d99f33 Rename pnputil.yml to Pnputil.yml 
Casing
 2021-01-21 22:49:19 +01:00
Oddvar Moe
64914b641c Adjusted error on pnputil yml file 2021-01-21 22:48:05 +01:00
Oddvar Moe
5b9c4f63dc Merge pull request #118 from LuxNoBulIshit/master 
Pnputil.exe
 2021-01-21 22:42:40 +01:00
Oddvar Moe
394d3c66f9 Merge pull request #112 from zeroSteiner/patch-1 
Update the affected operating systems for SyncAppvPublishingServer
 2021-01-21 22:35:50 +01:00
Oddvar Moe
97176a0a07 Merge pull request #110 from whickey-r7/patch-2 
Create AppInstaller.yml
 2021-01-21 22:29:35 +01:00
Oddvar Moe
6774d228a5 Merge pull request #109 from unexpectedBy/patch-2 
Create DataSvcUtil.yml
 2021-01-21 22:24:02 +01:00
wokis
00935f154e Update Wsreset.yml 
Added detection by Microsoft Defender Antivirus as Behavior:Win32/UACBypassExp.T!gen
 2021-01-20 14:47:23 +01:00
LuxNoBu!!shit
0d819439c5 Create pnputil.exe 2020-12-25 12:14:15 -08:00
Spencer McIntyre
deb249042b Update the affected operating systems for SyncAppvPublishingServer 2020-12-08 15:32:35 -05:00
whickey-r7
b381d04faf Create AppInstaller.yml 
New lolbin for downloading files in Windows 10.
 2020-12-02 11:35:49 -05:00
unload
bfe248b07e Create DataSvcUtil.yml 
Another data exfil way with lolbins
 2020-12-01 22:57:09 -03:00
Nasreddine Bencherchali
15d5ff302d Create Dllhost.yml 2020-11-07 14:22:24 +01:00
Conor Richard
d15172284a Merge pull request #101 from leo1-1/master 
added command to certutil
 2020-10-26 19:44:53 -04:00
Conor Richard
5806d33e70 Update Certutil.yml 2020-10-26 19:43:55 -04:00
leo1-1
64d5dffc4b Delete certutil.yml 2020-10-26 08:59:00 +02:00
leo1-1
76d79ea479 Update Certutil 2020-10-26 08:57:42 +02:00
leo1-1
2166960d4e changed path 2020-10-26 08:22:58 +02:00
Conor Richard
9a83179ddd Merge pull request #99 from dtmsecurity/master 
Create Wuauclt.yml
 2020-10-24 22:29:34 -04:00
Conor Richard
04c0e7ee38 Update Explorer.yml 
Fixing alignment in Acknowledgement section
 2020-10-22 22:00:05 -04:00
Conor Richard
4f19dbba19 Merge pull request #93 from C3dr1cMFE/add_MpCmdRun_Bypass 
Update MpCmdRun.yml
 2020-10-22 21:05:37 -04:00
Conor Richard
d281faccd3 Merge pull request #92 from whickey-r7/patch-1 
Update Xwizard.yml
 2020-10-22 20:57:55 -04:00
Conor Richard
9a6309d8de Update ConfigSecurityPolicy.yml 
Added link to Tweet from author containing an example usage.
 2020-10-22 20:38:50 -04:00
@dtmsecurity
651e156583 Create Wuauclt.yml 2020-10-12 19:24:45 +01:00
Cochin, Cedric
13026a481b Update MpCmdRun.yml 
DownloadFile option has been removed from current MpCmdRun.exe, but old binary remains on disk. Defender cmd line mitigation can be bypassed by simply renaming the binary in a folder controlled by the attacker
 2020-09-24 14:09:58 -07:00
whickey-r7
11aa1e503b Update Xwizard.yml 
This lolbin has functionality which allows downloading of files from the internet as well as previously outlined execution functionality.
 2020-09-16 16:34:47 +00:00
unload
6a5af9a71c Create ConfigSecurityPolicy.yml 2020-09-04 07:54:44 -03:00
Rich Rumble
1b00b374b3 Updated per suggestion 
Thanks!
 2020-09-03 11:46:25 -04:00
Rich Rumble
3078cc3755 Update MpCmdRun.yml 
Added note that slashes (/) can also be used as command separators, and that the UA is MpCommunication
Thanks!
 2020-09-03 10:39:24 -04:00
Oddvar Moe
63c9bc97c3 Added detection details on mpcmdrun 2020-09-03 15:29:32 +02:00
Oddvar Moe
5c5a218faf Updated links on mpcmdrun 2020-09-03 11:00:56 +02:00
Oddvar Moe
bfccb51085 Added MpCmdRun.exe 2020-09-03 10:55:37 +02:00
Oddvar Moe
9a5e2b114f Fixed the OS versions on Diantz 2020-09-03 10:28:49 +02:00
Oddvar Moe
38a3d406b0 Update and rename pktmon.yml to Pktmon.yml 2020-08-24 09:51:48 +02:00
Oddvar Moe
2bb6404160 Merge pull request #82 from binar-x79/patch-1 
Create pktmon.yml
 2020-08-24 09:49:44 +02:00
Oddvar Moe
525fc0c1eb Added missing ticks in Diantz 2020-08-24 09:48:07 +02:00
Oddvar Moe
9b290ba808 Update and rename diantz.yml to Diantz.yml 2020-08-24 09:46:09 +02:00
Oddvar Moe
48219b177f Merge pull request #80 from Tamirye/master 
Create diantz.yml
 2020-08-24 09:45:12 +02:00
Oddvar Moe
57346d17f4 Changed capitalization inside file 2020-08-24 09:34:56 +02:00
Oddvar Moe
4792d22ddd Rename vbc.yml to Vbc.yml 2020-08-24 09:33:37 +02:00
Oddvar Moe
380b8cfecd Rename ilasm.yml to Ilasm.yml 2020-08-24 09:33:22 +02:00
Oddvar Moe
fa3710ede5 Rename certreq.yml to Certreq.yml 2020-08-24 09:32:54 +02:00
Oddvar Moe
a104fbd075 Merge pull request #75 from dtmsecurity/master 
Create certreq.yml
 2020-08-24 09:30:16 +02:00
Oddvar Moe
2cf7d8cdeb Adjusted missing ticks in Acknowledgement 2020-08-24 09:28:38 +02:00
Oddvar Moe
84a6cd8e85 Merge pull request #66 from GoSecure/gosecure/ttdinject 
Added proxy execution for ttdinject.exe
 2020-08-24 09:25:29 +02:00
Oddvar Moe
2dabdb0840 adjusted extrac32 yml error 2020-08-15 00:13:16 +02:00
Oddvar Moe
a24bc5b946 Merge pull request #79 from LuxNoBulIshit/master 
add new usecase for Extrace32.exe
 2020-08-15 00:05:37 +02:00
Oddvar Moe
631996950a Update Extrac32.yml 2020-08-15 00:05:16 +02:00
binar-x79
eb0279838b Create pktmon.yml 2020-08-12 22:04:03 -07:00