LOLBAS/yml/OtherMSBinaries/vsls-agent.yml
frack113 e08b10f437
Fix sigmaHQ ref (#300)
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-06-17 20:29:07 +01:00

---
Name: vsls-agent.exe
Description: Agent for Visual Studio Live Share (Code Collaboration)
Author: Jimmy (@bohops)
Created: 2022-11-01
Commands:
  - Command: vsls-agent.exe --agentExtensionPath c:\path\to\payload.dll
    Description: Load a library payload using the --agentExtensionPath parameter (32-bit)
    Usecase: Execute proxied payload with Microsoft signed binary
    Category: Execute
    Privileges: User
    MitreID: T1218
    OperatingSystem: Windows 10 21H2 (likely previous and newer versions with modern versions of Visual Studio installed)
Full_Path:
  - Path: c:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\Extensions\Microsoft\LiveShare\Agent\vsls-agent.exe
Detection:
  - Sigma: https://github.com/SigmaHQ/sigma/blob/6312dd1d44d309608552105c334948f793e89f48/rules/windows/process_creation/proc_creation_win_vslsagent_agentextensionpath_load.yml
Resources:
  - Link: https://twitter.com/bohops/status/1583916360404729857
Acknowledgement:
  - Person: Jimmy
    Handle: '@bohops'