mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-05-04 14:46:23 +02:00
Commit Graph

760 Commits

Author SHA1 Message Date
Wietze 2cc0ee99e6
Applying MITRE ATT&CK v15 changes (#370)
https://attack.mitre.org/resources/updates/updates-april-2024/
2024-04-24 15:10:59 +01:00
frack113 2cc01b0113
Add Detection Sigma ref (#368) 2024-04-19 18:53:37 +01:00
irEasty fc23c999e6
Create wbadmin (#364)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:38:21 +01:00
Avihay Eldad aea7bd082d
Add Winproj.exe as a downloader (#351)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:19:49 +01:00
C-h4ck-0 3c826ab1ca
Add MSAccess as a new downloader (#288)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-04-05 19:18:57 +01:00
Wietze ebbf08ec4d
Adding tags (closes #9, #318) (#362)
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
2024-04-03 11:53:36 -04:00
Avihay Eldad a945bac6be
Create Appcert.yml (#361)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 18:56:11 +01:00
Avesta 33b9574d04
Update Tar.yml (#310)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 14:00:57 +01:00
Avihay Eldad 65e05aa4d6
Update Te.yml (#359)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2024-03-31 13:43:00 +01:00
Axel Boesenach 3aa721515b
Fix typo in /z command parameter (#360) 2024-03-23 11:13:30 +00:00
j00c3 23bf33c7c4
Update MITRE T1185 to T1105 (#345) 2024-02-17 17:30:52 +00:00
Bjarne ce53e1376a
Moved text to correct line (#349)
Moved "and show response in terminal" from `Command` to `Description`
2024-02-17 17:14:08 +00:00
Lino bba87a6c2a
TypoFix: Addinutil.yml (#342)
Small typo fix:
serliaized -> serialized
2024-02-13 13:37:40 +00:00
Wietze 80267d91dd
Adding GitHub Actions workflow test for duplicate filenames (#340)
* Adding GitHub Actions workflow test for duplicate filenames

* Adding generic error message

* Deduping fsutil.exe and teams.exe
2023-11-07 20:55:24 -05:00
Grzegorz Tworek 5b4d6d604c
Create Fsutil.yml (#339) 2023-11-06 15:01:59 +01:00
Oddvar Moe abd4e989f4
Update README.md
Included statement about NetNTLM coercing
2023-11-06 14:54:56 +01:00
pfiatde ee78111254
Update Msiexec.yml (#333)
* Update Msiexec.yml

Added transform file execution

* Update Msiexec.yml
2023-11-06 13:47:04 +01:00
Wietze 760151b598
Fixing yml files with .yaml extension (#338) 2023-10-19 17:17:15 +01:00
frack113 4f83231697
Update old sigma link (#303)
* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHQ ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

* Update SigmaHq ref

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>

---------

Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-18 11:30:34 -04:00
Onat Uzunyayla 7aba6fb550
Create vstest.console.exe (#322)
* vstest.console.exe AWL bypass

* Create testwindowremoteagent.yaml

Data Exfiltration with TestWindowRemoteAgent.exe is added

* Create vstest.yaml

In order to utilize this, you have to create a Unit Test project for C++ preferably (because it builds into a single DLL easily) and write your malicious code inside the test method, then build it. The main function will not run any code at all, but when you call vstest.console to run your unit tests it also performs the other code inside the test method, so you can run your code without directly running an exe or dll.

* Delete testwindowremoteagent.yaml

* Update vstest.yaml

A new description added
2023-10-18 11:28:04 -04:00
Kamran Saifullah - Frog Man b13eb6f4fd
DevTunnels - Other MS Binary for Data Exfiltration (#327)
* Add files via upload

* updated devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Update devtunnels.yml

* Updated Privileges
2023-10-15 00:05:54 +02:00
SILJAEUROPA fa3b5ed33c
added addinutil lolbas binary (#335)
* added addinutil lolbas binary

* updated format for lint

* EOF LF
2023-10-09 09:05:57 +02:00
Manas Bellani d6e4fb07d5
Added lolbas iediagcmd.exe as discovered by Adam @hexacorn (#199)
Everything looks good, confirmed working on Windows 10 & 11, merging changes:

* Added 'Execute' lolbas for iediagcmd.exe

* Added missing fields from the template

* Update Iediagcmd.yml

Made corrections

* Update Iediagcmd.yml

Removing trailing spaces

* Update Iediagcmd.yml

removing empty fields

* Minor changes

* Update Iediagcmd.yml

Removing space before first "&". When setting the Environment variable, it's picking up the space so the path seemed to be "c:\test \", which is why tests are failing.

* Adding Windows 11 support

---------

Co-authored-by: Conor Richard <xenos@xenos-1.net>
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-04 09:47:18 -04:00
Conor Richard 90f666e7a0
Merge pull request #330 from LOLBAS-Project/fix/incorrect_date
Enforcing YYYY-MM-DD format for dates (fixes #328)
2023-10-03 15:03:23 -04:00
Wietze b3951952b0
Fixing command attribute on Vshadow 2023-10-03 17:41:18 +01:00
Wietze 366cdbd57c
Renaming vshadow file 2023-10-03 17:38:41 +01:00
Wietze 746d49bbb3
Merge remote-tracking branch 'origin/master' into fix/incorrect_date 2023-10-03 17:37:28 +01:00
Wietze e90d795e62
Fixing incorrect category on testwindowremoteagent entry 2023-10-03 17:24:36 +01:00
Wietze 135fc5ba49
Fixing incorrect date on testwindowremoteagent entry 2023-10-03 17:22:22 +01:00
Wietze 93aeeacb47
Ensuring GitHub Actions isn't run twice on PR 2023-10-03 17:21:42 +01:00
Wietze 96aad19b88
Fixing trailing spaces 2023-10-03 17:19:52 +01:00
Wietze 3ec9655b61
Updating search path 2023-10-03 17:16:05 +01:00
Wietze 52adf7084d
Fixing incorrect extension of testwindowremoteagent entry 2023-10-03 17:12:12 +01:00
Wietze be18d9b26d
Add file extension validation 2023-10-03 17:10:21 +01:00
Wietze 03711770b7
Enforcing YYYY-MM-DD format for dates 2023-10-03 16:58:52 +01:00
AyberkHalac f55d9d1131
Adding vshadow.exe (#325)
Co-authored-by: Wietze <wietze@users.noreply.github.com>
2023-10-03 16:53:08 +01:00
securepeacock fd9fae8321
Added Sigma to Teams.exe (#329) 2023-10-03 12:04:39 +01:00
Jose Enrique Hernandez a493c20989
Merge pull request #320 from mertdas/master
Create msedge_proxy.yml
2023-09-05 13:26:30 -04:00
Jose Enrique Hernandez d29b112d9e
Merge pull request #323 from onatuzunyayla/vstest
Create testwindowremoteagent.yaml
2023-09-05 11:47:31 -04:00
Mert Daş e75e99f1cf
Update msedge_proxy.yml 2023-09-05 18:47:05 +03:00
Mert Daş e585183dcd
Update msedge_proxy.yml 2023-09-05 18:45:00 +03:00
Mert Daş 69976b4880
Update msedge_proxy.yml 2023-09-05 18:41:36 +03:00
Mert Daş fee20a0813
Update msedge_proxy.yml 2023-09-05 18:39:16 +03:00
Mert Daş 7da6f3216d
Update msedge_proxy.yml 2023-09-05 18:37:14 +03:00
Wietze b137406d8d
Update testwindowremoteagent.yaml 2023-09-04 10:36:28 +01:00
Wietze 820e077aa0
Adding missing end-of-file newline 2023-09-04 10:34:34 +01:00
Mert Daş e2c58fcf31
Update msedge_proxy.yml 2023-09-03 22:28:00 +03:00
Mert Daş d5f153b84b
Update msedge_proxy.yml 2023-09-03 22:23:40 +03:00
Mert Daş f8743a4109
Update msedge_proxy.yml 2023-09-03 22:17:14 +03:00
Mert Daş 994aa792f0
Update msedge_proxy.yml 2023-09-03 22:11:01 +03:00