Merge branch 'master' into patch-1

2018-06-04 07:55:17 +02:00 · 2018-06-04 07:55:17 +02:00 · 87cc101f27
parent ccf9956b03 063f634f2c
commit 87cc101f27
3 changed files with 32 additions and 3 deletions
--- a/LOLLibs.md
+++ b/LOLLibs.md
@ -5,6 +5,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
   
 # OS LIBRARIES
 [Advpack.dll](OSLibraries/Advpack.md)    
+[Desk.cpl.dll](OSLibraries/Desk.cpl.md)    
 [Ieadvpack.dll](OSLibraries/Ieadvpack.md)    
 [Ieframe.dll](OSLibraries/Ieframe.md)    
 [Mshtml.dll](OSLibraries/Mshtml.md)    
--- a/OSLibraries/Desk.md
+++ b/OSLibraries/Desk.md
@ -0,0 +1,25 @@
+## Desk.cpl
+
+* Functions: Execute
+
+```
+rundll32.exe Desk.cpl,InstallScreenSaver c:\temp\calc.scr  
+```
+
+Acknowledgements:
+* Pierre-Alexandre Braeken - @pabraeken
+
+
+Resources:
+* https://twitter.com/pabraeken/status/998627081360695297
+
+Full path:
+```
+c:\windows\system32\Desk.cpl
+c:\windows\sysWOW64\Desk.cpl
+```
+
+Notes:
+
+
+Detection:
--- a/OSLibraries/Shell32.md
+++ b/OSLibraries/Shell32.md
@ -7,18 +7,21 @@ rundll32.exe shell32.dll,Control_RunDLL payload.dll

 rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe    

-rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe
+rundll32.exe shell32.dll,OpenAs_RunDLL c:\temp\calc.hta   
+
+rundll32.exe shell32.dll,ShellExec_RunDLLA beacon.exe   
 ```

 Acknowledgements:
-* Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL)
-* Vincent Yiu - @vysecurity (ShellExec_RunDLLA)
+* Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL)   
+* Vincent Yiu - @vysecurity (ShellExec_RunDLLA)   

 Code sample:
 * 

 Resources:
 * https://twitter.com/pabraeken/status/991768766898941953
+* https://twitter.com/pabraeken/status/998625299976867840

 Full path:
 ```