Commit Graph

926 Commits

Author SHA1 Message Date
Avihay Eldad
d5d11f47a1
Add Xsd.yml (#366) 2024-08-17 22:18:59 +01:00
TAbdiukov
5b12df2b93
Makecab - LOLBAS command, more information about Windows compatibility (#389)
---------
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:16:07 +01:00
TAbdiukov
5826e4d415
Adding more operating systems to extrac32.exe (#387)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:10:48 +01:00
TAbdiukov
e09cf1066f
Add Diantz directives/DDF entry to diantz.exe (#390)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-08-17 22:02:55 +01:00
TAbdiukov
e1d0707082
Allow tildes (~) in URLs (#391) 2024-08-17 21:38:18 +01:00
Avihay Eldad
74ffaa534f
Add Ngen.exe (#357)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-07-15 20:59:23 +01:00
Avihay Eldad
da4f6e5407
Update Msdeploy.yml and add copy utility (#354) 2024-07-15 20:53:17 +01:00
Nathan
70268a5a9f
fix parameter typo for squirrel.exe (#383) 2024-07-12 18:49:30 +01:00
unrooted
03b527b105
Update wsl.exe description (#378)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-06 23:42:25 +01:00
Avihay Eldad
35148cc39e
Add Visio.exe as a downloader (#356)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-06-05 23:50:25 +01:00
bohops
622aaeed54
Add Powershell.exe to Honorable Mentions (#363) 2024-06-05 23:17:34 +01:00
Dr. Gerald Yaya
5d80e48159
Correct Winget.yml Spelling (#379)
Corrected some spelling mistakes in the "Privileges" node of Winget.yml
2024-06-03 17:52:55 +01:00
Avihay Eldad
78fa7b550e
Add Winfile.yml (#374)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-23 00:02:56 +01:00
Borja
2185ade1f2
Update Msiexec.yml (#369) 2024-05-22 18:59:51 +01:00
Mozhar Alhosni
91a3e80d8f
Update Csc.yml (#376)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-05-22 18:55:40 +01:00
Lino
5d7ec48f4f
Update Msiexec.yml (#377)
Fixed spelling
2024-05-20 16:49:27 -04:00
Wietze
2cc0ee99e6
Applying MITRE ATT&CK v15 changes (#370)
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
frack113
2cc01b0113
Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty
fc23c999e6
Create wbadmin (#364)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:38:21 +01:00
Avihay Eldad
aea7bd082d
Add Winproj.exe as a downloader (#351)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:19:49 +01:00
C-h4ck-0
3c826ab1ca
Add MSAccess as a new downloader (#288)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:18:57 +01:00
Wietze
ebbf08ec4d
Adding tags (closes #9, #318) (#362)
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
2024-04-03 11:53:36 -04:00
Avihay Eldad
a945bac6be
Create Appcert.yml (#361)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 18:56:11 +01:00
Avesta
33b9574d04
Update Tar.yml (#310)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 14:00:57 +01:00
Avihay Eldad
65e05aa4d6
Update Te.yml (#359)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 13:43:00 +01:00
Axel Boesenach
3aa721515b
Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3
23bf33c7c4
Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne
ce53e1376a
Moved text to correct line (#349)
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino
bba87a6c2a
TypoFix: Addinutil.yml (#342)
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze
80267d91dd
Adding GitHub Actions workflow test for duplicate filenames (#340)
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek
5b4d6d604c
Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
Oddvar Moe
abd4e989f4
Update README.md
Inlcuded statement about NetNTLM coercing
2023-11-06 14:54:56 +01:00
pfiatde
ee78111254
Update Msiexec.yml (#333)
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze
760151b598
Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697
Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550
Create vstest.console.exe (#322)
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for c++ preferrably (because it builds into a single DLL easily) and write your malicious code inside the test method then build it. the main function will not run any code at all but when you call vstest.console to run your unit tests it also performs the other code inside the test method so you can run your code without directly running exe or dll

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man
b13eb6f4fd
DevTunnels - Other MS Binary for Data Exfiltration (#327)
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Priviliges
2023-10-15 00:05:54 +02:00
SILJAEUROPA
fa3b5ed33c
added addinutil lolbas binary (#335)
* added addinutil lolbas binary

* updated format for lint

* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199)
Everything looks good, confirmed working on Windows 10 & 11, merging changes:

* Added 'Execute' lolbas for iediagcmd.exe

* Added missing fields from the template

* Update Iediagcmd.yml

Made corrections

* Update Iediagcmd.yml

Removing trailing spaces

* Update Iediagcmd.yml

removing empty fields

* Minor changes

* Update Iediagcmd.yml

Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.

* Adding Windows 11 support

---------

Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
Conor Richard
90f666e7a0
Merge pull request #330 from LOLBAS-Project/fix/incorrect_date
Enforcing YYYY-MM-DD format for dates (fixes #328)
2023-10-03 15:03:23 -04:00
Wietze
b3951952b0
Fixing command attribute on Vshadow 2023-10-03 17:41:18 +01:00
Wietze
366cdbd57c
Renaming vshadow file 2023-10-03 17:38:41 +01:00
Wietze
746d49bbb3
Merge remote-tracking branch 'origin/master' into fix/incorrect_date 2023-10-03 17:37:28 +01:00
Wietze
e90d795e62
Fixing incorrect category on testwindowremoteagent entry 2023-10-03 17:24:36 +01:00
Wietze
135fc5ba49
Fixing incorrect date on testwindowremoteagent entry 2023-10-03 17:22:22 +01:00
Wietze
93aeeacb47
Ensuring GitHub Actions isn't run twice on PR 2023-10-03 17:21:42 +01:00
Wietze
96aad19b88
Fixing trailing spaces 2023-10-03 17:19:52 +01:00
Wietze
3ec9655b61
Updating search path 2023-10-03 17:16:05 +01:00
Wietze
52adf7084d
Fixing incorrect extension of testwindowremoteagent entry 2023-10-03 17:12:12 +01:00
Wietze
be18d9b26d
Add file extension validation 2023-10-03 17:10:21 +01:00