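---
# HijackLibs entry template. Copy this file to <nameofthedll>.yml (lower case,
# matching the Name field) and fill in every field. Fields whose comment says
# "remove line" are optional: delete them when they do not apply instead of
# leaving the placeholder value in place.
# Indentation is two spaces; the keys belonging to one sequence item are
# indented under that item's first key (see VulnerableExecutables below).
Name: nameofthedll.dll # All lower case, must match filename (in this case it would be nameofthedll.yml)
Author: Author Name
Created: 2023-01-01 # YYYY-MM-DD
Vendor: Vendor Name
CVE: CVE-2000-1234 # Or remove line if not applicable
ExpectedLocations: # No trailing slashes
  - '%SYSTEM32%'
  - '%SYSWOW64%'
  - '%PROGRAMFILES%'
  - 'C:\some\file\location' # As long as you use single quotes, you won't have to escape your backslashes
  - ...
VulnerableExecutables:
  # One item per affected executable; every key below Path belongs to that item.
  - Path: 'c:\path\to\the\executable.exe'
    Type: Phantom|Sideloading|Search Order|Environment Variable # Pick one of these values
    AutoElevate: true # Remove line if false
    PrivilegeEscalation: true # Remove line if false
    Condition: 'version >= 1.2.3.4' # Remove line if not applicable
    Variable: SYSTEMROOT # Only if Type=="Environment Variable"; remove line otherwise
    SHA256: # Remove line if not a 3rd-party entry
      - 'for 3rd-party entries, provide a SHA-256 hash' # 64 hex characters per hash, quoted as a string
      - ...
Resources:
  - https://some-link.here
  - ...
Acknowledgements:
  - Name: Full Name or Twitter Screen Name
    Twitter: '@twitter-handle' # Has to start with @; remove line if not applicable
  - ...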