Commit Graph

440 Commits

Author SHA1 Message Date
Wietze
760151b598 Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113
4f83231697 Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla
7aba6fb550 Create vstest.console.exe (#322)
* vstest.console.exe awl bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project, preferably for C++ (because it builds into a single DLL easily), and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running the exe or dll.

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description was added
2023-10-18 11:28:04 -04:00
SILJAEUROPA
fa3b5ed33c added addinutil lolbas binary (#335)
* added addinutil lolbas binary

* updated format for lint

* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani
d6e4fb07d5 Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199)
Everything looks good, confirmed working on Windows 10 & 11, merging changes:

* Added 'Execute' lolbas for iediagcmd.exe

* Added missing fields from the template

* Update Iediagcmd.yml

Made corrections

* Update Iediagcmd.yml

Removing trailing spaces

* Update Iediagcmd.yml

removing empty fields

* Minor changes

* Update Iediagcmd.yml

Removing space before first "&". When setting the environment variable, it's picking up the space, so the path seemed to be "c:\test \", which is why tests are failing.

* Adding Windows 11 support

---------

Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
securepeacock
fd9fae8321 Added Sigma to Teams.exe (#329) 2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez
a493c20989 Merge pull request #320 from mertdas/master
Create msedge_proxy.yml
2023-09-05 13:26:30 -04:00
Mert Daş
e75e99f1cf Update msedge_proxy.yml 2023-09-05 18:47:05 +03:00
Mert Daş
e585183dcd Update msedge_proxy.yml 2023-09-05 18:45:00 +03:00
Mert Daş
69976b4880 Update msedge_proxy.yml 2023-09-05 18:41:36 +03:00
Mert Daş
fee20a0813 Update msedge_proxy.yml 2023-09-05 18:39:16 +03:00
Mert Daş
7da6f3216d Update msedge_proxy.yml 2023-09-05 18:37:14 +03:00
Mert Daş
e2c58fcf31 Update msedge_proxy.yml 2023-09-03 22:28:00 +03:00
Mert Daş
d5f153b84b Update msedge_proxy.yml 2023-09-03 22:23:40 +03:00
Mert Daş
f8743a4109 Update msedge_proxy.yml 2023-09-03 22:17:14 +03:00
Mert Daş
994aa792f0 Update msedge_proxy.yml 2023-09-03 22:11:01 +03:00
Mert Daş
247511bca8 Update msedge_proxy.yml 2023-09-03 21:51:32 +03:00
Mert Daş
a0874f2bb7 Update msedge_proxy.yml 2023-09-03 21:48:05 +03:00
Mert Daş
53f8fbe19b Update msedge_proxy.yml 2023-09-03 21:44:41 +03:00
frack113
50c481795b Add SigmaHQ ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-09-03 15:06:34 +02:00
Mert Daş
9d79fab230 Update msedge_proxy.yml 2023-08-25 21:24:58 +03:00
Mert Daş
0f3b483ae1 Update msedge_proxy.yml 2023-08-25 21:23:41 +03:00
Mert Daş
f4acc01906 Update msedge_proxy.yml 2023-08-18 17:47:17 +03:00
Mert Daş
68629128a3 Update msedge_proxy.yml 2023-08-18 17:44:23 +03:00
Mert Daş
b14ad21ff9 Create msedge_proxy.yml 2023-08-18 17:17:49 +03:00
Elliot Killick
65007296a6 Update Cmdl32.exe resource links (#317) 2023-08-04 11:21:36 +01:00
Wietze
b50df49ac2 Added colorcpl.exe (#315)
Co-authored-by: Arjan Onwezen <arjan.onwezen@gmail.com>
2023-07-27 18:18:49 +01:00
Grzegorz Tworek
7241a8b7fd Create Provlaunch.yml (#307)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-07-25 16:16:39 +01:00
Ryan Plas
62ed936a39 Add missing document starts and add yamllint rule (#305) 2023-06-23 20:55:39 +01:00
frack113
e8ea28d4e9 Update SigmaHQ ref (#301)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-19 22:40:24 +01:00
CyberSorcery
c3f2690633 Tar.exe lateral movement (#277)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 22:25:34 +01:00
Black Shade
d71415de77 Create msedgewebview2.exe (#299)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-06-17 21:56:16 +01:00
frack113
b52200eb89 Add sigma and remove empty string (#297)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:30:00 +01:00
Jose Enrique Hernandez
f5a3812c91 Merge pull request #295 from frack113/sigma_20230610
Add missing Sigma ref
2023-06-11 22:10:04 -04:00
frack113
55b7556b64 Add Sigma ref
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-10 08:12:12 +02:00
mr.d0x
ef8048344d Update msedge.exe & add teams.exe 2023-05-27 12:11:05 -04:00
biscoito
1f7e8a3e57 Remove unnecessary "at" on command (#286) 2023-05-01 23:36:38 +01:00
mrd0x
787c87470e Several LOLBINs additions & modifications (#192)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-31 13:46:21 +01:00
Wietze
a9046ecb85 Fixing newline in odbcconf entry 2023-03-25 16:21:34 +00:00
Wietze
06f33c91ae Updating odbcconf, fixes #282 - thanks @hexacorn (#283) 2023-03-25 16:14:04 +00:00
Mr. 0range
2b7fdcac03 Adding WebDav techniques to cmd.exe entry (#273)
Added the documentation for the type command file transfer, ADS, and copy functionality
---------

Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-03-08 14:39:32 +00:00
Wietze
74d010a893 Removing pre-Windows 10 OSs from CertReq entry, fixes #247 2023-02-25 19:19:22 +00:00
bohops
cd16f0aff3 Add vsls-agent lolbin and committing a few other changes (#263)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-02-25 18:47:44 +00:00
febou92
ded90467a8 Create Ssh.yml (#211)
* Create Ssh.yml

* newline ymlint

Co-authored-by: bohops <bohops>
2022-12-29 19:45:09 -05:00
frack113
1072d3dc34 Add sigma ref Detection (#272)
* Add sigma ref

* Add missing sigma ref

* Fix sigma link

* Remove by Defender

* Remove by Defender
2022-12-29 09:51:15 -05:00
Grzegorz Tworek
ec676cbd93 Create Runexehelper.yml (#269)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-12-17 17:30:30 +00:00
Michał Kucharski
8452c1ca96 Update eventvwr.yml with Execute part (#252)
* Update eventvwr.yml with Execute part

All things added based on https://twitter.com/orange_8361/status/1518970259868626944 and my re-tests.

* Update Eventvwr.yml

As asked by @bohops

* Update Eventvwr.yml
2022-11-13 14:56:32 -05:00
Nasreddine Bencherchali
0d7efb8ead Adding and updating various LOLBINS (#229)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-11-11 16:42:44 +00:00
Grzegorz Tworek
1587eeaf6c Create Setres.yml (#262)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2022-10-26 11:15:13 +01:00
Wietze
c20f388444 Fixing minor error in description of Explorer, closes #257 2022-10-26 09:14:27 +01:00