mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-10-22 16:49:11 +02:00
ebbf08ec4d
* Adding various tags as a first iteration * Adding quotes * Adding 'Custom Format' properly * Updating to key:value pairs * Update template
25 lines
1.0 KiB
YAML
25 lines
1.0 KiB
YAML
---
|
|
Name: vsls-agent.exe
|
|
Description: Agent for Visual Studio Live Share (Code Collaboration)
|
|
Author: Jimmy (@bohops)
|
|
Created: 2022-11-01
|
|
Commands:
|
|
- Command: vsls-agent.exe --agentExtensionPath c:\path\to\payload.dll
|
|
Description: Load a library payload using the --agentExtensionPath parameter (32-bit)
|
|
Usecase: Execute proxied payload with Microsoft signed binary
|
|
Category: Execute
|
|
Privileges: User
|
|
MitreID: T1218
|
|
OperatingSystem: Windows 10 21H2 (likely previous and newer versions with modern versions of Visual Studio installed)
|
|
Tags:
|
|
- Execute: DLL
|
|
Full_Path:
|
|
- Path: c:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\Extensions\Microsoft\LiveShare\Agent\vsls-agent.exe
|
|
Detection:
|
|
- Sigma: https://github.com/SigmaHQ/sigma/blob/6312dd1d44d309608552105c334948f793e89f48/rules/windows/process_creation/proc_creation_win_vslsagent_agentextensionpath_load.yml
|
|
Resources:
|
|
- Link: https://twitter.com/bohops/status/1583916360404729857
|
|
Acknowledgement:
|
|
- Person: Jimmy
|
|
Handle: '@bohops'
|