Wietze
760151b598
Fixing yml files with .yaml extension ( #338 )
2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link ( #303 )
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
* Update SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe ( #322 )
* vstest.console.exe awl bypass
* Create testwindowremoteagent.yaml
Data Exfiltration with TestWindowRemoteAgent.exe is added
* Create vstest.yaml
In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.
* Delete testwindowremoteagent.yaml
* Update vstest.yaml
A new description added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd
DevTunnels - Other MS Binary for Data Exfiltration ( #327 )
* Add files via upload
* updated devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Update devtunnels.yml
* Updated Privileges
2023-10-15 00:05:54 +02:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary ( #335 )
* added addinutil lolbas binary
* updated format for lint
* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn ( #199 )
Everything looks good, confirmed working on Windows 10 & 11, merging changes:
* Added 'Execute' lolbas for iediagcmd.exe
* Added missing fields from the template
* Update Iediagcmd.yml
Made corrections
* Update Iediagcmd.yml
Removing trailing spaces
* Update Iediagcmd.yml
removing empty fields
* Minor changes
* Update Iediagcmd.yml
Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.
* Adding Windows 11 support
---------
Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
Wietze
b3951952b0
Fixing command attribute on Vshadow
2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c
Renaming vshadow file
2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3
Merge remote-tracking branch 'origin/master' into fix/incorrect_date
2023-10-03 17:37:28 +01:00
Wietze
e90d795e62
Fixing incorrect category on testwindowremoteagent entry
2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49
Fixing incorrect date on testwindowremoteagent entry
2023-10-03 17:22:22 +01:00
Wietze
96aad19b88
Fixing trailing spaces
2023-10-03 17:19:52 +01:00
Wietze
52adf7084d
Fixing incorrect extension of testwindowremoteagent entry
2023-10-03 17:12:12 +01:00
AyberkHalac
f55d9d1131
Adding vshadow.exe ( #325 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-03 16:53:08 +01:00
securepeacock
fd9fae8321
Added Sigma to Teams.exe ( #329 )
2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989
Merge pull request #320 from mertdas/master
Create msedge_proxy.yml
2023-09-05 13:26:30 -04:00
Jose Enrique Hernandez
d29b112d9e
Merge pull request #323 from onatuzunyayla/vstest
Create testwindowremoteagent.yaml
2023-09-05 11:47:31 -04:00
Mert Daş
e75e99f1cf
Update msedge_proxy.yml
2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd
Update msedge_proxy.yml
2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880
Update msedge_proxy.yml
2023-09-05 18:41:36 +03:00
Mert Daş
fee20a0813
Update msedge_proxy.yml
2023-09-05 18:39:16 +03:00
Mert Daş
7da6f3216d
Update msedge_proxy.yml
2023-09-05 18:37:14 +03:00
Wietze
b137406d8d
Update testwindowremoteagent.yaml
2023-09-04 10:36:28 +01:00
Wietze
820e077aa0
Adding missing end-of-file newline
2023-09-04 10:34:34 +01:00
Mert Daş
e2c58fcf31
Update msedge_proxy.yml
2023-09-03 22:28:00 +03:00
Mert Daş
d5f153b84b
Update msedge_proxy.yml
2023-09-03 22:23:40 +03:00
Mert Daş
f8743a4109
Update msedge_proxy.yml
2023-09-03 22:17:14 +03:00
Mert Daş
994aa792f0
Update msedge_proxy.yml
2023-09-03 22:11:01 +03:00
Jose Enrique Hernandez
db7fef6ec0
Merge pull request #292 from Ekitji/master
dsdbutil.exe
2023-09-03 14:57:48 -04:00
Jose Enrique Hernandez
add2198f43
Merge pull request #191 from lltltk/master
Create Teams.exe
2023-09-03 14:53:48 -04:00
Mert Daş
247511bca8
Update msedge_proxy.yml
2023-09-03 21:51:32 +03:00
josehelps
26cc085243
removing blank line
2023-09-03 14:49:16 -04:00
Mert Daş
a0874f2bb7
Update msedge_proxy.yml
2023-09-03 21:48:05 +03:00
josehelps
e935a7bf05
still trying to correct CI fails
2023-09-03 14:47:48 -04:00
Mert Daş
53f8fbe19b
Update msedge_proxy.yml
2023-09-03 21:44:41 +03:00
josehelps
a678306935
bug: CI failing fixing
2023-09-03 14:43:08 -04:00
frack113
50c481795b
Add SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-09-03 15:06:34 +02:00
Mert Daş
9d79fab230
Update msedge_proxy.yml
2023-08-25 21:24:58 +03:00
Mert Daş
0f3b483ae1
Update msedge_proxy.yml
2023-08-25 21:23:41 +03:00
onatuzunyayla
c65c9545f5
Create testwindowremoteagent.yaml
This one is pretty straightforward and related to the vstest, so I pushed the commit for this pull request. TestWindowRemoteAgent.exe is a signed DLL that can be utilized as a gadget for data exfiltration since it tries to connect to any host.
2023-08-25 15:49:14 +03:00
Ekitji
59f0c133f8
Add files via upload
2023-08-23 02:50:03 -04:00
Ekitji
cd8066209a
Delete Dsdbutil.yml
2023-08-23 08:49:48 +02:00
Ekitji
cb98bdcda7
Update Dsdbutil.yml
2023-08-23 08:28:39 +02:00
Ekitji
205501b02e
Update Dsdbutil.yml
2023-08-23 08:27:29 +02:00
Ekitji
cd27c25410
Update Dsdbutil.yml
2023-08-23 08:17:56 +02:00
Ekitji
3b30620d79
Update Dsdbutil.yml
2023-08-23 08:10:06 +02:00
Ekitji
1c2c7e7623
Update Dsdbutil.yml
2023-08-23 08:06:56 +02:00
Ekitji
d21ae223eb
trying to fix wrong new line character.....
2023-08-22 18:49:07 +02:00
Ekitji
f513cf6ae7
Update Dsdbutil.yml
2023-08-22 18:47:23 +02:00
Ekitji
f300c94572
Update Dsdbutil.yml
2023-08-22 18:45:29 +02:00
Ekitji
5d11f02c16
Update Dsdbutil.yml
2023-08-22 18:43:43 +02:00
Ekitji
0039be4f73
fixing trailing spaces
2023-08-22 18:35:43 +02:00
Ekitji
c33614c64b
fix validation errors??
2023-08-22 18:33:08 +02:00
Ekitji
be19ab3d53
Update Dsdbutil.yml
fixed linking?? removed extra ---
2023-08-22 18:30:30 +02:00
Mert Daş
f4acc01906
Update msedge_proxy.yml
2023-08-18 17:47:17 +03:00
Mert Daş
68629128a3
Update msedge_proxy.yml
2023-08-18 17:44:23 +03:00
Mert Daş
b14ad21ff9
Create msedge_proxy.yml
2023-08-18 17:17:49 +03:00
Wietze
03c148682a
Minor change to trigger CI checks
2023-08-05 19:15:24 +01:00
Ronnie Salomonsen
4ffdf0ec0b
Updated msxsl.yml to include a download and ADS category ( #276 )
2023-08-05 18:04:09 +01:00
Bobby Cooke
fe64c63211
VSDiagnostics Execute lolbin ( #309 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 17:18:48 +01:00
eral4m
e4c2371a26
Adding scrobj.dll, shimgvw.dll INetCache downloader entries ( #189 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-08-05 16:50:52 +01:00
Elliot Killick
65007296a6
Update Cmdl32.exe resource links ( #317 )
2023-08-04 11:21:36 +01:00
Wietze
b50df49ac2
Added colorcpl.exe ( #315 )
Co-authored-by: Arjan Onwezen <arjan.onwezen@gmail.com>
2023-07-27 18:18:49 +01:00
Grzegorz Tworek
7241a8b7fd
Create Provlaunch.yml ( #307 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-07-25 16:16:39 +01:00
pfiatde
4453bb1ec4
Add Code.yml (honorable mention) ( #278 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-07-18 00:13:04 +01:00
Vikas Singh
fa3f6bbc0c
Update Dxcap.yml ( #296 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-27 13:42:47 +01:00
Ryan Plas
62ed936a39
Add missing document starts and add yamllint rule ( #305 )
2023-06-23 20:55:39 +01:00
frack113
e8ea28d4e9
Update SigmaHQ ref ( #301 )
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-19 22:40:24 +01:00
CyberSorcery
c3f2690633
Tar.exe lateral movement ( #277 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 22:25:34 +01:00
C-h4ck-0
8aca00a56b
Update ProtocolHandler.yml ( #267 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 22:18:06 +01:00
Black Shade
d71415de77
Create msedgewebview2.exe ( #299 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 21:56:16 +01:00
frack113
b52200eb89
Add sigma and remove empty string ( #297 )
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:30:00 +01:00
frack113
e08b10f437
Fix sigmaHQ ref ( #300 )
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:29:07 +01:00
Jose Enrique Hernandez
f5a3812c91
Merge pull request #295 from frack113/sigma_20230610
Add missing Sigma ref
2023-06-11 22:10:04 -04:00
frack113
55b7556b64
Add Sigma ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-10 08:12:12 +02:00
Ekitji
3eb7625da4
Update Dsdbutil.yml
2023-06-08 01:07:25 +03:00
Ekitji
1a3ada3984
Update Dsdbutil.yml
2023-06-08 01:02:51 +03:00
Ekitji
3556f254b2
dsdbutil.exe
LOLBIN for dumping NTDS
2023-05-31 16:52:51 +02:00
mr.d0x
ef8048344d
Update msedge.exe & add teams.exe
2023-05-27 12:11:05 -04:00
biscoito
1f7e8a3e57
Remove unnecessary "at" on command ( #286 )
2023-05-01 23:36:38 +01:00
mrd0x
787c87470e
Several LOLBINs additions & modifications ( #192 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-31 13:46:21 +01:00
Wietze
a9046ecb85
Fixing newline in odbcconf entry
2023-03-25 16:21:34 +00:00
Wietze
06f33c91ae
Updating odbcconf, fixes #282 - thanks @hexacorn ( #283 )
2023-03-25 16:14:04 +00:00
Mr. 0range
2b7fdcac03
Adding WebDav techniques to cmd.exe entry ( #273 )
Added the documentation for the type command file transfer, ADS, and copy functionality
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-08 14:39:32 +00:00
YamAlon
8283b4b7e3
Added fsi to dotnet.exe ( #281 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 20:10:45 +00:00
Wietze
74d010a893
Removing pre-Windows 10 OSs from CertReq entry, fixes #247
2023-02-25 19:19:22 +00:00
bohops
cd16f0aff3
Add vsls-agent lolbin and committing a few other changes ( #263 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 18:47:44 +00:00
febou92
ded90467a8
Create Ssh.yml ( #211 )
* Create Ssh.yml
* newline ymlint
Co-authored-by: bohops <bohops>
2022-12-29 19:45:09 -05:00
frack113
1072d3dc34
Add sigma ref Detection ( #272 )
* Add sigma ref
* Add missing sigma ref
* Fix sigma link
* Remove by Defender
* Remove by Defender
2022-12-29 09:51:15 -05:00
securepeacock
8ff159abb7
Update Wfc.yml with Sigma ( #223 )
* Update Wfc.yml
* Update acknowledgement
* Update Wfc.yml
* fix line feed issue after conflict
Co-authored-by: bohops <bohops>
2022-12-29 00:22:39 -05:00
securepeacock
41f5d6f33b
Update VisualUiaVerifyNative.yml with Sigma ( #224 )
* Update VisualUiaVerifyNative.yml
* Update acknowledgement
* Update VisualUiaVerifyNative.yml
* fix line feed issue after conflict
* fix line feed issue after conflict
* fix line feed issue after conflict
* fix line feed issue after conflict
Co-authored-by: bohops <bohops>
2022-12-29 00:15:31 -05:00
securepeacock
1833ddd391
Update FsiAnyCpu.yml with Sigma ( #225 )
* Update FsiAnyCpu.yml
* Update acknowledgement
* Update FsiAnyCpu.yml
* fix line feed issue after conflict
Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 23:50:51 -05:00
securepeacock
8d35738a1f
Update Fsi.yml with Sigma ( #226 )
* Update Fsi.yml
* Update acknowledgement
* Remove newline
* resolving unix lf issue with fsi
* resolving unix lf issue with fsi
* resolving fsi issue
Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 23:41:27 -05:00
securepeacock
c19a2e3cf8
Update Remote.yml with Sigma ( #227 )
* Update Remote.yml
* Update acknowledgement
Co-authored-by: bohops <jimmy@jbtech.us>
2022-12-28 21:24:57 -05:00
Grzegorz Tworek
ec676cbd93
Create Runexehelper.yml ( #269 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-12-17 17:30:30 +00:00
Michał Kucharski
8452c1ca96
Update eventvwr.yml with Execute part ( #252 )
* Update eventvwr.yml with Execute part
All things added based on https://twitter.com/orange_8361/status/1518970259868626944 and my re-tests.
* Update Eventvwr.yml
As asked by @bohops
* Update Eventvwr.yml
2022-11-13 14:56:32 -05:00
Nasreddine Bencherchali
0d7efb8ead
Adding and updating various LOLBINS ( #229 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-11-11 16:42:44 +00:00
Grzegorz Tworek
1587eeaf6c
Create Setres.yml ( #262 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-26 11:15:13 +01:00
Wietze
c20f388444
Fixing minor error in description of Explorer, closes #257
2022-10-26 09:14:27 +01:00
frack113
01d7580886
Add Sigma rule references to various LOLBAS ( #260 )
2022-10-26 09:10:39 +01:00
Wietze
a0556744d1
Merge branch 'master' into windows_11_sprint
2022-10-04 15:45:57 +01:00
Wietze
6f2135e173
Updating category of fltMC to tamper
2022-10-04 15:37:56 +01:00
Daniel Santos
4217d0f8ca
Adding .NET Core binary createdump.exe ( #240 )
Co-authored-by: Daniel Santos <vovohelo@gmail.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 13:23:10 +01:00
securepeacock
461fbaf787
Update Powerpnt.yml with Sigma ( #222 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 12:36:49 +01:00
Wietze
76acca6f2b
Merge branch 'master' into windows_11_sprint
2022-10-04 12:31:31 +01:00
C-h4ck-0
f29471dde9
Adding download functionality entries to existing binaries ( #239 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 12:27:31 +01:00
C-h4ck-0
ea68ad824d
Adding 3 Microsoft Office-based downloaders ( #238 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 12:13:56 +01:00
saulpanders
83ca9aa197
Adding Windows Package Manager tool winget.exe ( #188 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-04 11:27:47 +01:00
Wietze
67e1040172
Merge remote-tracking branch 'upstream/master' into windows_11_sprint
2022-10-03 16:18:57 +01:00
Conor Richard
da38f3d8ed
Merge pull request #185 from whickey-r7/patch-1
Create Unregmp2.yml
2022-09-17 21:38:59 -04:00
Conor Richard
a9e5707f74
Removing extra YAML record start "---"
2022-09-17 21:37:30 -04:00
Conor Richard
59808608e7
Merge pull request #180 from wietze/new/CustomShellHost
Adding CustomShellHost.exe LOLBAS
2022-09-17 21:34:04 -04:00
Conor Richard
05faad73b2
Removing extra YAML record start "---"
2022-09-17 21:32:13 -04:00
Conor Richard
c22d17a116
Merge pull request #176 from akat12/Ssh
Create Ssh
2022-09-17 21:25:49 -04:00
Conor Richard
14896a1436
Removed trailing space on line 3
2022-09-17 21:24:04 -04:00
Conor Richard
730359aa0d
Changed AWL MitreID and removed extra YAML record start "---"
2022-09-17 21:21:13 -04:00
Conor Richard
aa698337ff
Merge pull request #148 from elliotkillick/fsutil
Create fsutil.yml
2022-09-17 08:10:53 -04:00
Conor Richard
181672267b
Adding quotes since the ":" falls at the end to fix linting error
2022-09-17 08:09:27 -04:00
Conor Richard
4615fbc582
fixing indentation in line 14
2022-09-17 08:04:58 -04:00
Conor Richard
2759dd0565
Adding USN deletion that @bohops mentioned in #148 notes
2022-09-17 08:01:53 -04:00
Conor Richard
e878c66e6f
Cleaning YAML, updated new category Tamper
2022-09-17 07:55:16 -04:00
Conor Richard
f5c797a888
Merge pull request #147 from elliotkillick/DeviceCredentialDeployment
Create DeviceCredentialDeployment.yml
2022-09-17 07:52:29 -04:00
Conor Richard
7dd6ca24aa
Removing invalid MiterLink key.
2022-09-17 07:50:44 -04:00
Conor Richard
1e6d6d23cc
Removing extra document start "---" and updating category to Conceal.
2022-09-17 07:47:06 -04:00
Conor Richard
61043ccf0b
Merge pull request #245 from gtworek/patch-1
Create Ldifde.yml
2022-09-17 00:09:22 -04:00
Conor Richard
2689786b59
Update Ldifde.yml
Removed trailing spaces.
2022-09-17 00:06:25 -04:00
Conor Richard
9875eb2ed2
Update Ldifde.yml
Removed final "---". It does not match the current template and schema checks.
2022-09-17 00:03:20 -04:00
Conor Richard
2c9a7a97ce
Merge pull request #244 from 721574n/tristan_add
Added external reference about Rundll32
2022-09-16 23:46:43 -04:00
Filipe Spencer
d780de4ece
Prep for new yamllint
2022-09-16 11:29:26 +00:00
Conor Richard
3347e43b3f
Merge branch 'master' into alias_introduction
2022-09-15 13:54:50 -04:00
xenoscr
dfb30f194f
Tweaked the Link regex to allow anchor tags and the handle regex to permit blank entries.
2022-09-13 23:37:10 -04:00
xenoscr
ee68df7f26
Put schema back to previous state and fixed non-compliant Link in At.yml
2022-09-13 23:06:42 -04:00
xenoscr
92424a40de
Implementing requested changes from PR #251 review from @wietze.
2022-09-13 22:51:52 -04:00
xenoscr
2c3653f0c4
Fixing more file formatting issues.
2022-09-11 01:36:14 -04:00
xenoscr
654cdd2d61
Fixing file formatting.
2022-09-11 01:33:36 -04:00
xenoscr
3d6a4be2a5
Fixing more formatting errors.
2022-09-11 01:23:21 -04:00
xenoscr
98813fe01b
Fixing errors found in yaml lint action.
2022-09-11 01:07:18 -04:00
xenoscr
6e253a7a38
Adding missing OperatingSystem values.
2022-09-11 00:22:36 -04:00
xenoscr
68e5795aec
Fixing Acknowledgement values.
2022-09-11 00:20:05 -04:00
xenoscr
aa1e1ea2be
Adding no default paths to pass schema validations
2022-09-11 00:16:59 -04:00
xenoscr
c933426c1a
Adding missing Path value.
2022-09-11 00:03:30 -04:00
xenoscr
1bd305e3a3
Adding missing Usecase values.
2022-09-10 23:53:21 -04:00
xenoscr
c24cad7868
Adding missing OperatingSystem values.
2022-09-10 23:48:38 -04:00
xenoscr
371d1cf2cc
Correcting case in Usecase key names.
2022-09-10 23:45:28 -04:00
xenoscr
a040ca3e40
Adding missing OperatingSystem values to Ieadvpack.yml
2022-09-10 23:41:38 -04:00
xenoscr
f5baac1c45
Adding missing authors
2022-09-10 23:37:10 -04:00
xenoscr
700d181c7e
Adding missing OperatingSystem key in Ilasm.yml
2022-09-10 23:30:36 -04:00
xenoscr
d585695b08
Adding missing Descriptions.
2022-09-10 23:26:10 -04:00
xenoscr
abb1034b00
Added missing description to Extexport.yml
2022-09-10 23:08:46 -04:00
xenoscr
dd58662ee9
Correcting 'UAC bypass' to 'UAC Bypass'
2022-09-10 22:58:06 -04:00
xenoscr
0ed1694bf1
Correcting 'AWL bypass' to 'AWL Bypass'
2022-09-10 22:55:32 -04:00
xenoscr
09e81d0bd1
Correcting Cmstp.yml Category value, case.
2022-09-10 22:48:08 -04:00
xenoscr
5e0ae9c976
Correcting Cmstp.yml Category value.
2022-09-10 22:46:13 -04:00
xenoscr
ce36f924fc
Removing extra --- from each yaml file
2022-09-10 22:16:47 -04:00
Ryan Stamp
8810e30f0a
Fix incorrect decodehex command syntax ( #230 )
2022-09-02 18:44:23 +01:00
securepeacock
68c14b894c
Update UtilityFunctions.yml ( #228 )
2022-09-02 18:42:59 +01:00
Wietze
e1df4e9f83
Merge remote-tracking branch 'upstream/master' into windows_11_sprint
2022-09-02 17:23:45 +01:00
Oddvar Moe
c5c227a7ba
added sigma detection for pester
2022-09-02 17:18:24 +01:00
Oddvar Moe
5a38aa722f
Adjusted comment in command
2022-09-02 17:18:24 +01:00
Oddvar Moe
4b99cadd85
Update pester.bat with an additional example
2022-09-02 17:18:23 +01:00
Wietze
400158f2df
Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries ( #221 )
2022-09-02 17:16:58 +01:00
Grzegorz Tworek
9b70f38986
Create Ldifde.yml
2022-08-31 17:58:30 +02:00
Oddvar Moe
68a6f0a35f
added sigma detection for pester
2022-08-24 12:32:48 +02:00
721574n
4b564464fd
Added external reference for Rundll32
2022-08-24 12:11:31 +02:00
Oddvar Moe
c53a8ea06e
Adjusted comment in command
2022-08-23 15:47:17 +02:00
Oddvar Moe
fdc1b2c827
Update pester.bat with an additional example
2022-08-23 15:44:57 +02:00
fslds
3162825fdc
Split procdump name pattern into two actual names.
2022-08-08 20:27:04 +00:00
Oddvar Moe
8283d8d915
Delete Dllhost.yml
https://twitter.com/0gtweet/status/1533804788038647808
2022-06-09 10:51:40 +02:00
frack113
91350057ce
Add sigma references to CL_LoadAssembly, CLMutexVerifiers entries ( #221 )
2022-06-04 11:50:35 +01:00
Wietze
539c1da0fa
Merge branch 'master' into windows_11_sprint
2022-05-25 09:25:42 +01:00
Kostas
314f585da9
Update Hh.yml
Added SysWoW64 Path
2022-05-24 15:29:03 -07:00
Kostas
aae794c59c
Update Hh.yml
Fixing the full path of the hh.exe binary to C:\Windows\hh.exe
2022-05-24 14:23:18 -07:00
Wietze
7797a1967c
Merge branch 'master' into windows_11_sprint
2022-05-24 08:38:50 +01:00
frack113
f85eeb748a
Add Sigma references to conhost, imewdbld, ie4uinit, ilasm, offlinescannershell and replace ( #219 )
2022-05-23 12:35:58 +01:00
Chris "Lopi" Spehn
36945392ca
Merge pull request #201 from wietze/new/Conhost
Adding Conhost.exe LOLBAS
2022-05-19 10:27:10 -06:00
Chris "Lopi" Spehn
e872ce028b
Merge pull request #214 from jstnk9/master
Added new sigma rule and references to desk.cpl
2022-05-19 10:21:21 -06:00
ManuelBerrueta
68b772a567
Updated yml/OtherMSBinaries/Sqlps.yml, used recently in a campaign shared by Microsoft Security Intelligence. Would be a useful reference for Red Teamers/Offensive Security Engineers as well as Blue Teamers/Defenders who reference this open source project/library.
2022-05-19 07:12:37 -07:00
John Dwyer
90b6082f1d
Update Rdrleakdiag.yml
2022-05-19 13:30:11 +00:00
John Dwyer
e2493d8ccf
Detection Resources and Other Updates (LOLBAS-Project#84)
https://github.com/LOLBAS-Project/LOLBAS/issues/84
2022-05-18 19:00:26 +00:00
John Dwyer
d935f096fd
Added rdrleakdiag dump
Added yaml for rdrleakdiag process dumping capability
2022-05-18 18:58:04 +00:00
frack113
d1738b946b
Adding various Sigma references ( #213 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-05-17 09:18:45 +01:00
bohops
3571a7ad88
Create AccCheckConsole.yml ( #187 )
2022-05-15 21:55:16 +01:00
mrd0x
7c2f3231d3
Adding Dump64.exe ( #182 )
Co-authored-by: mrd0x <mrd0x@example.com>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-05-15 21:21:45 +01:00
Wietze
b333db4f91
Fixing typo (ieaframe -> ieframe)
2022-05-15 21:06:33 +01:00
akshat pradhan
79f4cbdb7f
Changed tid to T1105 for downloads ( #195 )
2022-05-15 20:38:24 +01:00
jstnk9
00bc9177bd
Added new sigma rule and references
2022-05-15 16:42:44 +02:00
Wietze
2b20998371
Remove redundant powershell command from comsvcs entry
2022-05-05 11:18:39 +01:00
Wietze
b92ee99627
Addressing @bohops's feedback
2022-05-05 11:12:22 +01:00
bohops
d93539bf9b
Quick fix for syntax and removed IOC
2022-04-29 23:06:41 -04:00
cr1sp4
666e6e8645
Update Desk.yml ( #210 )
Added Sigma rules.
2022-04-29 22:52:57 -04:00
Wietze
619aafbfa2
Adding extra contributor to Desk.cpl entry
2022-04-28 13:01:35 +01:00
Wietze
4a8bdf4844
Fix casing on Desk.cpl entry
2022-04-27 11:20:13 +01:00
LuxNoBu!!shit
6ed0fb9326
Create Desk.cpl ( #207 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-04-27 11:15:15 +01:00
Wietze
e4261b1f02
Fixing typo
2022-04-26 16:59:14 +01:00
Wietze
5c46dd63f5
Giving Hexacorn the proper credit
2022-04-07 15:50:39 +01:00
Wietze
4df2e43c82
Adding Conhost.exe LOLBAS
2022-04-05 18:46:58 +01:00
Wietze
55a7ea9a81
Fixing wlrmdr entry
2022-02-16 21:02:24 +00:00
Moshe Kaplan
12c85eb8f0
Create wlrmdr.yml ( #194 )
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-02-16 20:41:14 +00:00
akshat pradhan
a7f7ec2cc2
Changing ATT&CK TID of wuauclt.exe entry ( #193 )
2022-01-23 22:24:59 +00:00
Andrew Kisliakov
e40a6432a0
Merge branch 'LOLBAS-Project:master' into master
2022-01-17 08:16:16 +00:00