update word list for rule 932115 (RCE Windows command injection part 2/2) #2671
Comments
|
This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days |
|
https://lolbas-project.github.io/ might be a useful list of windows binaries. This is a curated list used by (at least some) pentesters. |
|
Taking a second look, and after adding all of the lolbas binaries to 932110, we can add all cmd commands from windows in this rule. The list should come from https://raw.githubusercontent.com/MicrosoftDocs/windowsserverdocs/main/WindowsServerDocs/administration/windows-commands/windows-commands.md |
|
If I get this right, the current rule 932115 should be the new rule 932380 like mentioned in this comment here. |
|
@theseion : do you know where I have to fix this (renaming of the rule 932115 to 932380)? |
|
Actually, that looks like an error to me. 932110 was renamed to 932370 but 932115 still exists and 932380 doesn't. I think @fzipi might just have forgotten to do the second renaming? |
Uh oh!
There was an error while loading. Please reload this page.
This file should be updated with binaries from the lolbas-project.
The text was updated successfully, but these errors were encountered: