mirror/ LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-05-09 00:56:17 +02:00
Code Issues

Adding PowerShell to Honorable Mentions

This commit is contained in:
root 2024-04-02 21:20:11 -04:00
parent 462b5a8c61
commit 3a7f13130a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
yml/HonorableMentions/PowerShell.yml
View File

@ -10,21 +10,21 @@ Commands:
Category: Execute
Privileges: User
MitreID: T1059.001
OperatingSystem: Windows 7 and up with .NET installed
OperatingSystem: Windows 7 and up
- Command: powershell.exe -ep bypass -command "Invoke-AllTheThings..."
Description: Set the execution policy to bypass and execute a PowerShell command
Usecase: Execute PowerShell cmdlets, .NET code, and just about anything else your heart desires
Category: Execute
Privileges: User
MitreID: T1059.001
OperatingSystem: Windows 7 and up with .NET installed
OperatingSystem: Windows 7 and up
- Command: powershell.exe -ep bypass -ec IgBXAGUAIAA8ADMAIABMAE8ATABCAEEAUwAiAA==
Description: Set the execution policy to bypass and execute a very malicious PowerShell encoded command
Usecase: Execute PowerShell cmdlets, .NET code, and just about anything else your heart desires
Category: Execute
Privileges: User
MitreID: T1059.001
OperatingSystem: Windows 7 and up with .NET installed
OperatingSystem: Windows 7 and up
Full_Path:
- Path: '%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe'
- Path: '%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'