This query identifies Microsoft-signed Binaries and Scripts that are not system initiated. This technique is commonly used in phishing attacks.

Primary Language: Python

LOLBINS HUNT

A scraped .csv copy of https://lolbas-project.github.io/, intended for easy ingestion into SIEMs for detection and investigation. For now it contains only the binary names. Later, I intend to add other columns such as:

  • Functions
  • ATT&CK® Techniques
  • Tactics
  • Paths
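The hunt this list is meant to support, sketched as an added example (not code from this repository): load the binary names and flag process-creation events where a listed binary was started by a non-system account. The `Binary` column header, the set of accounts treated as "system initiated", and the sample events (which use Sysmon Event ID 1 field names) are assumptions constructed for illustration.

```python
import csv
import io
import ntpath

# Constructed stand-in for the repo's .csv; the "Binary" header is assumed.
LOLBIN_CSV = "Binary\nCertutil.exe\nMshta.exe\nRegsvr32.exe\nRundll32.exe\n"

# Accounts treated as "system initiated" (assumed interpretation).
SYSTEM_ACCOUNTS = {
    "nt authority\\system",
    "nt authority\\local service",
    "nt authority\\network service",
}

# Constructed process-creation events (Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe", "User": r"CORP\alice",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\rundll32.exe", "User": r"NT AUTHORITY\SYSTEM",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "User": r"CORP\alice",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\CERTUTIL.EXE", "User": r"CORP\bob",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]


def load_lolbins(csv_text, column="Binary"):
    """Return the lower-cased set of binary names from the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row[column].strip().lower() for row in reader if row.get(column)}


def hunt(events, lolbins):
    """Return events where a listed binary ran under a non-system account."""
    hits = []
    for ev in events:
        # ntpath splits Windows paths correctly on any analysis host.
        name = ntpath.basename(ev.get("Image", "")).lower()
        user = ev.get("User", "").strip().lower()
        if name in lolbins and user not in SYSTEM_ACCOUNTS:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, load_lolbins(LOLBIN_CSV)):
        print(hit["User"], hit["Image"], "<-", hit["ParentImage"])
```

Matching is by file name only, so it does not confirm the Microsoft signature and will miss a renamed copy; in a SIEM, pair it with the signature or `OriginalFileName` fields where the log source provides them.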
