update path information for several LOLBAS #332
added path: - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
added path: C:\Program Files\Windows Defender\MpCmdRun.exe
added path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
changed path from c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe to %localappdata%\Microsoft\Teams\current\Teams.exe to standardize the format and match the more common usage in the file paths.
updated path to include the name of the exe like all the other paths have.
@@ -12,7 +12,7 @@ Commands: | |||
MitreID: T1218 | |||
OperatingSystem: Windows 10, Windows 11 | |||
Full_Path: | |||
- Path: c:\Users\username\AppData\Local\Microsoft\Teams\current\Teams.exe | |||
- Path: %localappdata%\Microsoft\Teams\current\Teams.exe |
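Review bot: The replacement `- Path:` line in this hunk has a value that begins with `%`, which YAML does not accept as the first character of an unquoted (plain) scalar, so the file will not parse. Wrap the value in single quotes, for example `- Path: '%localappdata%\Microsoft\Teams\current\Teams.exe'`; single quotes keep the backslashes literal, whereas double quotes would treat them as escape sequences.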
@ciwen3 this string is failing the YAML linting. The string cannot start with a "%" which is a reserved character that denotes a directive.
"Error: inaries/Teams.yml:15:11: [error] syntax error: found character '%' that cannot start any token (syntax)"
@ciwen3 Please review the comments, address the syntax issues and update your pull request. Once all checks are passing, we can merge your changes.
"Error: inaries/Teams.yml:15:11: [error] syntax error: found character '%' that cannot start any token (syntax)"
added paths:
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
updated:
teams to have %localappdata% in the path
AgentExecutor added the exe name to the path to match all the other lolbas