LOLDrivers
Living Off The Land Drivers
Hello, While working on those LOL drivers, I noticed a few things: - several documentation files state that the VersionInfo strings come from the PE header, that is incorrect, as...
Detected file name: Mozglue.dll Virus Total link: https://www.virustotal.com/gui/file/fede6e1698ffece6eca17f5b14511e027516b6f15917e624e8cdcfac97657ee2 Virus total results: 22/69 - SHA1: 7b35c543bec4e34c34957ca4a7125789b89ba29d SHA256: fede6e1698ffece6eca17f5b14511e027516b6f15917e624e8cdcfac97657ee2 MD5: 307e74b730405cede8e39c1139f69650
Surprised to not find this classic here http://kat.lua.cz/posts/Some_fun_with_vintage_bugs_and_driver_signing_enforcement/
https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/ sha256 b6e82a4e6d8b715588bf4252f896e40b766ef981d941d0968f29a3a444f68fef e23283e75ed2bdabf6c703236f5518b4ca37d32f78d3d65b073496c12c643cfe
Add
https://www.virustotal.com/gui/file/274340f7185a0cc047d82ecfb2cce5bd18764ee558b5227894565c2f9fe9f6ab/details
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376
This PR updates the following: - Fix the template by replacing the old Name field with Tags. - Adds resources as a required field, since we can't add a driver...
This PR reorders the yaml fields and ensures an indentation of 4 across all yamls. The following order was used: `["Id", "Tags", "Verified", "Author", "Created", "MitreID", "CVE", "Category", "Commands", "Resources",...
“C-00000291*.sys” 😎 *whistles*
sha256: bc2606740e4648c3732541db929f2e02ea8567520d35de57c671e93c71e632f3 Reference: https://dor00tkit.github.io/Dor00tkit/posts/from-admin-to-kernel-one-year-one-driver-zero-attention/