Skip to content

Commit

Permalink
Add OneDriveStandaloneUpdater.exe to iphlpapi.dll entry (#70)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bobby-tablez
bobby-tablez authored Mar 21, 2024
1 parent 41f0121 commit e4375b2
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions yml/microsoft/built-in/iphlpapi.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,8 @@ VulnerableExecutables:
Type: Catalog
- Path: '%LOCALAPPDATA%\microsoft\onedrive\onedrive.exe'
Type: Search Order
- Path: '%LOCALAPPDATA%\microsoft\onedrive\OneDriveStandaloneUpdater.exe'
Type: Search Order
- Path: '%LOCALAPPDATA%\microsoft\teams\current\teams.exe'
Type: Search Order
- Path: '%SYSTEM32%\dpiscaling.exe'
Expand Down Expand Up @@ -221,6 +223,7 @@ Resources:
- https://securityintelligence.com/posts/windows-features-dll-sideloading/
- https://github.com/xforcered/WFH
- https://twitter.com/AndrewOliveau/status/1682185200862625792
- https://x00.zip/playing-with-process-handles/
Acknowledgements:
- Name: Wietze
Twitter: '@wietze'
Expand All @@ -230,3 +233,5 @@ Acknowledgements:
Twitter: '@ConsciousHacker'
- Name: Andrew Oliveau
Twitter: '@AndrewOliveau'
- Name: Tim Peck
Twitter: '@B0bby_Tablez'

0 comments on commit e4375b2

Please sign in to comment.