public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-01-01 01:27:53 +01:00
Code Issues Projects Releases Wiki Activity
784 Commits 4 Branches 0 Tags 11 MiB
d8402e6651
Commit Graph

190 Commits

Author SHA1 Message Date
Ekitji
be19ab3d53
Update Dsdbutil.yml 
fixed linking?? removed extra ---
 2023-08-22 18:30:30 +02:00
Wietze
03c148682a
Minor change to trigger CI checks 2023-08-05 19:15:24 +01:00
Ronnie Salomonsen
4ffdf0ec0b
Updated msxsl.yml to include a download and ADS category (#276) 2023-08-05 18:04:09 +01:00
Bobby Cooke
fe64c63211
VSDiagnostics Execute lolbin (#309) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-08-05 17:18:48 +01:00
Vikas Singh
fa3f6bbc0c
Update Dxcap.yml (#296) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-06-27 13:42:47 +01:00
Ryan Plas
62ed936a39
Add missing document starts and add yamllint rule (#305) 2023-06-23 20:55:39 +01:00
frack113
e8ea28d4e9
Update SigmaHQ ref (#301) 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-06-19 22:40:24 +01:00
C-h4ck-0
8aca00a56b
Update ProtocolHandler.yml (#267) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-06-17 22:18:06 +01:00
frack113
e08b10f437
Fix sigmaHQ ref (#300) 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-06-17 20:29:07 +01:00
frack113
55b7556b64 Add Sigma ref 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-06-10 08:12:12 +02:00
Ekitji
3eb7625da4
Update Dsdbutil.yml 2023-06-08 01:07:25 +03:00
Ekitji
1a3ada3984
Update Dsdbutil.yml 2023-06-08 01:02:51 +03:00
Ekitji
3556f254b2
dsdbutil.exe 
LOLBIN for dumping NTDS
 2023-05-31 16:52:51 +02:00
mrd0x
787c87470e
Several LOLBINs additions & modifications (#192) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-03-31 13:46:21 +01:00
YamAlon
8283b4b7e3
Added fsi to dotnet.exe (#281) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-02-25 20:10:45 +00:00
bohops
cd16f0aff3
Add vsls-agent lolbin and committing a few other changes (#263) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2023-02-25 18:47:44 +00:00
frack113
1072d3dc34
Add sigma ref Detection (#272) 
* Add sigma ref

* Add missing sigma ref

* Fix sigma link

* Remove by Defender

* Remove by Defender
 2022-12-29 09:51:15 -05:00
securepeacock
8ff159abb7
Update Wfc.yml with Sigma (#223) 
* Update Wfc.yml

* Update acknowledgement

* Update Wfc.yml

* fix line feed issue after conflict

Co-authored-by: bohops <bohops>
 2022-12-29 00:22:39 -05:00
securepeacock
41f5d6f33b
Update VisualUiaVerifyNative.yml with Sigma (#224) 
* Update VisualUiaVerifyNative.yml

* Update acknowledgement

* Update VisualUiaVerifyNative.yml

* fix line feed issue after conflict

* fix line feed issue after conflict

* fix line feed issue after conflict

* fix line feed issue after conflict

Co-authored-by: bohops <bohops>
 2022-12-29 00:15:31 -05:00
securepeacock
1833ddd391
Update FsiAnyCpu.yml with Sigma (#225) 
* Update FsiAnyCpu.yml

* Update acknowledgement

* Update FsiAnyCpu.yml

* fix line feed issue after conflict

Co-authored-by: bohops <jimmy@jbtech.us>
 2022-12-28 23:50:51 -05:00
securepeacock
8d35738a1f
Update Fsi.yml with Sigma (#226) 
* Update Fsi.yml

* Update acknowledgement

* Remove newline

* resolving unix lf issue with fsi

* resolving unix lf issue with fsi

* resolving fsi issue

Co-authored-by: bohops <jimmy@jbtech.us>
 2022-12-28 23:41:27 -05:00
securepeacock
c19a2e3cf8
Update Remote.yml with Sigma (#227) 
* Update Remote.yml

* Update acknowledgement

Co-authored-by: bohops <jimmy@jbtech.us>
 2022-12-28 21:24:57 -05:00
Nasreddine Bencherchali
0d7efb8ead
Adding and updating various LOLBINS (#229) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-11-11 16:42:44 +00:00
Wietze
a0556744d1
Merge branch 'master' into windows_11_sprint 2022-10-04 15:45:57 +01:00
Daniel Santos
4217d0f8ca
Adding .NET Core binary createdump.exe (#240) 
Co-authored-by: Daniel Santos <vovohelo@gmail.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-10-04 13:23:10 +01:00
securepeacock
461fbaf787
Update Powerpnt.yml with Sigma (#222) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-10-04 12:36:49 +01:00
Wietze
76acca6f2b
Merge branch 'master' into windows_11_sprint 2022-10-04 12:31:31 +01:00
C-h4ck-0
ea68ad824d
Adding 3 Microsoft Office-based downloaders (#238) 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-10-04 12:13:56 +01:00
Wietze
67e1040172
Merge remote-tracking branch 'upstream/master' into windows_11_sprint 2022-10-03 16:18:57 +01:00
Filipe Spencer
d780de4ece Prep for new yamllint 2022-09-16 11:29:26 +00:00
Conor Richard
3347e43b3f
Merge branch 'master' into alias_introduction 2022-09-15 13:54:50 -04:00
xenoscr
2c3653f0c4
Fixing more file formatting issues. 2022-09-11 01:36:14 -04:00
xenoscr
654cdd2d61
Fixing file formating. 2022-09-11 01:33:36 -04:00
xenoscr
6e253a7a38
Adding missing OperatingSystem values. 2022-09-11 00:22:36 -04:00
xenoscr
68e5795aec
Fixing Acknowledgement values. 2022-09-11 00:20:05 -04:00
xenoscr
aa1e1ea2be
Adding no defualt paths to pass schema validations 2022-09-11 00:16:59 -04:00
xenoscr
c933426c1a
Adding missing Path value. 2022-09-11 00:03:30 -04:00
xenoscr
1bd305e3a3
Adding missing Usecase values. 2022-09-10 23:53:21 -04:00
xenoscr
0ed1694bf1
Correcting 'AWL bypass' to 'AWL Bypass' 2022-09-10 22:55:32 -04:00
xenoscr
ce36f924fc
Removing extra --- from each yaml file 2022-09-10 22:16:47 -04:00
fslds
3162825fdc
Split procdump name pattern into two actual names. 2022-08-08 20:27:04 +00:00
Wietze
7797a1967c
Merge branch 'master' into windows_11_sprint 2022-05-24 08:38:50 +01:00
ManuelBerrueta
68b772a567 Updated yml/OtherMSBinaries/Sqlps.yml, used recently in a campaign shared my Microsoft Security Intelligence. Would be useful reference for Red Teamers/Offensive Security Engineers as well as Blue Teamers/Defenders who reference this open source project/library. 2022-05-19 07:12:37 -07:00
bohops
3571a7ad88
Create AccCheckConsole.yml (#187) 2022-05-15 21:55:16 +01:00
mrd0x
7c2f3231d3
Adding Dump64.exe (#182) 
Co-authored-by: mrd0x <mrd0x@example.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2022-05-15 21:21:45 +01:00
Wietze
e4261b1f02
Fixing typo 2022-04-26 16:59:14 +01:00
Andrew Kisliakov
ada7f7f6c3 Microsoft Teams as a LOLbin 2022-01-17 08:11:47 +00:00
Wietze
085aaa37b1
Adding more missed-out entries 2021-12-15 11:50:18 +00:00
Wietze
39d4e815af
Minor formatting changes (redudant backslashes, incorrect dates, typos, etc.) 2021-12-14 14:57:32 +00:00
bohops
23dd0236ae
Detection Resources and Other Updates (#179) 
* Add detection links for scripts

* Add detection links for OtherMSBins. Fixed and updated as needed.

* Add detection links for MSBins. Fixed and updated as needed.

* Add detection links for oslibraries

* Updating template for Detections

* Removing empty Detection:Sigma entries

* Remove redundant blank line

* Replacing commit URL with file URL

Co-authored-by: root <root@DESKTOP-5CR935D.localdomain>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
 2021-11-15 08:19:03 -05:00
akshat pradhan
2031916b1a
ATT&CK realignment, typo fixes (#178) 
* Corrected Mitre TID for pnputil
* Fixed Command misspells
 2021-11-14 17:27:17 +00:00
Wietze
2380c506d4
LSASS realign to T1003.001 2021-11-05 20:35:58 +00:00
Wietze
df8c88f4ca
Remaping NTDS entries to T1003.003 2021-11-05 20:32:44 +00:00
Wietze
2577066af9
More changes (mainly changing generic T1218 to dev-specific T1127) 2021-11-05 20:06:57 +00:00
Wietze
4f7ec8d2af
MITRE ATT&CK realignment sprint 2021-11-05 18:58:26 +00:00
Oddvar Moe
7a34f57a31
Update Procdump.yml 2021-10-22 16:49:59 +02:00
Oddvar Moe
e70295bc7c
Merge pull request #163 from ajpc500/master 
added procdump dll load
 2021-10-22 16:48:46 +02:00
Oddvar Moe
a55e2249c1
Merge branch 'master' into fixing-yaml-issues 2021-10-22 14:53:09 +02:00
ajpc500
079e3cd72a added procdump dll load 2021-10-14 17:32:17 +01:00
root
b5357cdec0 Adding app-ctrl bypass bins and a few lolscripts 2021-09-26 23:31:30 -04:00
bohops
c48a5ea1ea
Merge pull request #159 from timwhitez/master 
Create VSIISExeLauncher.yml
 2021-09-25 22:51:39 -04:00
bohops
cab273394a
Merge pull request #126 from ahmadalsabagh/fix 
Fixed the resources link
 2021-09-25 22:30:23 -04:00
TimWhite
9336b4d599
Update VSIISExeLauncher.yml 2021-09-24 15:28:39 +08:00
TimWhite
559d9bc3ff
Create VSIISExeLauncher.yml 2021-09-24 15:28:01 +08:00
SpookySec
d539a7dacd edited cdb.yml 2021-02-12 22:26:16 +03:00
SpookySec
84de927a83 edited cdb.yml 2021-02-08 16:28:25 +03:00
ahmad
3ca7bdc542 Fixed the url 2021-01-22 06:33:58 -05:00
Oddvar Moe
9ce6984dd7
Merge pull request #121 from ahmadalsabagh/adplus.exe 
Create Adplus.yml
 2021-01-21 22:56:34 +01:00
Oddvar Moe
515235a202
Merge pull request #120 from ahmadalsabagh/remote.exe 
Create remote.yml
 2021-01-21 22:52:24 +01:00
Oddvar Moe
e9e458d6b7
Merge pull request #111 from michalani/patch-1 
Addded missing path for winword.exe
 2021-01-21 22:32:24 +01:00
Wietze
5ec4de562b
Fixed acknowledgements 2021-01-10 15:45:25 +00:00
Wietze
14dca38278
Standardise date formats (see https://yaml.org/type/timestamp.html) 2021-01-10 15:04:52 +00:00
Ahmad AS
be69f54245
Update Adplus.yml 2021-01-09 03:00:05 -05:00
ahmad
080fe4ca5b Create Adplus.yml 2021-01-09 02:56:32 -05:00
Ahmad AS
4254927f78
Update Remote.yml 2021-01-06 23:31:01 -05:00
ahmad
7dab1b916e Create remote.yml 2021-01-06 20:48:25 -05:00
michalani
36b28ddd98
Update Winword.yml 2020-12-03 01:03:08 +00:00
jesgal
9642f81be7
Update Update.yml 
I update this LolBin to create persistence of payload.exe in the directory "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup" by running payload.exe with the argument "--createShortcut" and "--removeShortcut".
 2020-10-29 09:12:28 +01:00
Conor Richard
edbd01860c
Merge pull request #97 from MartinSohn/master 
Create Coregen.yml - Thank you for the contribution!
 2020-10-24 21:49:09 -04:00
xenoscr
de169664d6 Finxing missing quotes 2020-10-22 21:51:57 -04:00
Martin
47c03c97b8
Typo 2020-10-10 19:54:50 +00:00
Martin
22d9bbe92a
Initial commit of Coregen.yml 2020-10-09 17:10:49 +02:00
checkymander
a45d4ca25c
Create DefaultPack.yml 
Added DefaultPack.EXE LOLBin
 2020-10-01 22:37:00 -04:00
Oddvar Moe
525fc0c1eb Added missing ticks in Diantz 2020-08-24 09:48:07 +02:00
Oddvar Moe
c5c6820c56
Rename agentexecutor.yml to Agentexecutor.yml 2020-08-24 09:42:07 +02:00
Oddvar Moe
a7da0deddd
Merge pull request #77 from leftp/master 
Added method for AgentExecutor
 2020-08-24 09:41:22 +02:00
Oddvar Moe
8cf6ef53fb
Rename squirrel.yml to Squirrel.yml 2020-08-15 00:27:11 +02:00
Oddvar Moe
39f55359ef
Rename update.yml to Update.yml 2020-08-15 00:26:53 +02:00
Oddvar Moe
020416d098
Delete Update.yml 2020-08-15 00:26:35 +02:00
Reegun J
ed1e113460
Update update.yml 
Hi, I have updated with new findings - Reegun
 2020-08-10 11:31:48 +08:00
Eleftherios Panos
3710c1c972 Added method for AgentExecutor 2020-07-23 13:58:30 +03:00
bohops
92f020b885
Added dotnet msbuild awl bypass technique 2020-07-03 14:56:06 -04:00
Clément Notin
ae3d9b9b6b
sqldumper: minor fix mis-typed words 2020-06-15 23:33:34 +02:00
Oddvar Moe
9722cceb9e Added download example to wsl.exe 2020-03-25 11:33:02 +01:00
Oddvar Moe
f2fa2ef989 Added additional example to wsl.exe 2020-03-25 10:26:59 +01:00
Oddvar Moe
dc3a211c89 Re-added ntdsutil 2020-03-17 10:55:59 +01:00
Oddvar Moe
4bef10b147 adjusted rasautou and removed ntdsutil 2020-03-16 20:10:17 +01:00
Tony M Lambert
e2f217c777 ntdsutil addition 2020-01-10 22:53:34 -06:00
Oddvar Moe
7030e00929 Capitalized dotnet name 2020-01-07 08:40:24 +01:00
Oddvar Moe
e1b36a25bd
Rename dotnet.yml to Dotnet.yml 2020-01-07 08:37:36 +01:00