From 7f6f24e4028438818dc1493740d2a65f019d29e0 Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 12:59:06 -0700 Subject: [PATCH 1/8] Update yaml to standardize BOF repo links --- Apollo/LOW_DomainEnumeration_Apollo.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Apollo/LOW_DomainEnumeration_Apollo.yaml b/Apollo/LOW_DomainEnumeration_Apollo.yaml index be6f4f4..84f5bed 100644 --- a/Apollo/LOW_DomainEnumeration_Apollo.yaml +++ b/Apollo/LOW_DomainEnumeration_Apollo.yaml @@ -8,8 +8,7 @@ keywords: - apollo_callback environment: {} -# uses: https://github.com/trustedsec/CS-Situational-Awareness-BOF, and listwamaccounts BOF from: https://github.com/Tw1sm/list-wam-accounts - +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF, https://github.com/Tw1sm/list-wam-accounts steps: - name: "Current Domain Context" @@ -134,4 +133,4 @@ steps: "coff_name": "listwamaccounts.x64.o", "function_name": "go" }' - command_name: execute_coff \ No newline at end of file + command_name: execute_coff From b6ac4b16757cc26fd66029bafd3179305285e27b Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 12:59:54 -0700 Subject: [PATCH 2/8] Update yaml to standardize BOF repo links --- Apollo/HIGH_ClipboardMonitor_Apollo.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Apollo/HIGH_ClipboardMonitor_Apollo.yaml b/Apollo/HIGH_ClipboardMonitor_Apollo.yaml index 78ff1dc..8d6eebf 100644 --- a/Apollo/HIGH_ClipboardMonitor_Apollo.yaml +++ b/Apollo/HIGH_ClipboardMonitor_Apollo.yaml @@ -7,7 +7,7 @@ keywords: - apollo_callback environment: {} -# uses a forked GetClipboard BOF from https://github.com/atomiczsec/BOF_Collection/tree/master/Collection/Clipboard +# Repository: https://github.com/atomiczsec/BOF_Collection/tree/master/Collection/Clipboard steps: - name: "GetClipboard" 
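Review bot: The new `# Repository:` line in LOW_DomainEnumeration_Apollo.yaml (first hunk) no longer says that the `listwamaccounts` BOF comes from the Tw1sm repository, so a reader cannot tell which object file maps to which upstream. Because these steps load prebuilt object files through `execute_coff`, I would keep one comment line per source and name what it supplies, e.g. `# Repository: https://github.com/Tw1sm/list-wam-accounts (listwamaccounts.x64.o)`. A separate line also keeps the comma from being read as part of the first URL. The same comma-separated merge appears in MEDIUM_CredentialPreperation_Apollo.yaml (patch 8), and HIGH_ClipboardMonitor_Apollo.yaml (patch 2) loses the word "forked" from its comment. None of the rewritten comments records a commit or tag, so the revision each `.o` file was built from is not traceable from the playbook; the steps themselves lie mostly outside these hunks.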
@@ -23,4 +23,5 @@ steps: "coff_name": "GetClipboard.o", "function": "go", "serialized_arguments": "00000000" - } \ No newline at end of file + + } From f5199d1a060dd618de7be46d8d4a5cc09841af3e Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 13:05:11 -0700 Subject: [PATCH 3/8] Update yaml to standardize BOF repo links --- Apollo/HIGH_NanoRobeus_Apollo.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Apollo/HIGH_NanoRobeus_Apollo.yaml b/Apollo/HIGH_NanoRobeus_Apollo.yaml index a86a92e..9575a95 100644 --- a/Apollo/HIGH_NanoRobeus_Apollo.yaml +++ b/Apollo/HIGH_NanoRobeus_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -#uses: https://github.com/sliverarmory/armory/ +# Repository: https://github.com/wavvs/nanorobeus steps: @@ -25,4 +25,5 @@ steps: "coff_arguments": [["z","dump"],["z","/all"],["z",""],["z",""],["z",""]], "serialized_arguments": "00000000" }' - command_name: execute_coff \ No newline at end of file + + command_name: execute_coff From 53db66095f94a3ed8dd7ff458c1b707f2c856605 Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 13:05:34 -0700 Subject: [PATCH 4/8] Update yaml to standardize BOF repo links --- Apollo/LOW_BasicRecon_Apollo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Apollo/LOW_BasicRecon_Apollo.yaml b/Apollo/LOW_BasicRecon_Apollo.yaml index e5387f0..49ce715 100644 --- a/Apollo/LOW_BasicRecon_Apollo.yaml +++ b/Apollo/LOW_BasicRecon_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -#uses: https://github.com/trustedsec/CS-Situational-Awareness-BOF +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF steps: - name: "NetworkConnections" From 27398110255fa7a22a2e927ae2eb2dd3002559e7 Mon Sep 17 00:00:00 2001 
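Review bot: The empty line added in the second hunk of HIGH_ClipboardMonitor_Apollo.yaml lands before the closing `}` of the parameters body, not at the end of the file; the fix only needs the trailing newline after `}`. Whether that blank line becomes part of the value depends on how the scalar is opened, which is outside the hunk. Patches 3, 5, 6 and 7 add a similar empty line between `}'` and `command_name: execute_coff`, which splits the keys of a single step. Patch 1 fixes the missing end-of-file newline without the extra line, and the other files could do the same.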
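Review bot: The comment change in HIGH_NanoRobeus_Apollo.yaml is more than a format standardisation: the stated upstream moves from `https://github.com/sliverarmory/armory/` to `https://github.com/wavvs/nanorobeus`, and the commit subject does not mention it. For an object file that is executed on a host, the comment should state which upstream revision the build used by this playbook corresponds to, for example `# Repository: https://github.com/wavvs/nanorobeus (commit <COMMIT_SHA>, sha256 <OBJECT_SHA256>)`, with the placeholders filled in by the author. The key naming the object file is outside both hunks, so from here I cannot tell whether the file itself changed or only its attribution.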
From: Gavin Kramer Date: Tue, 12 Aug 2025 13:05:57 -0700 Subject: [PATCH 5/8] Update yaml to standardize BOF repo links --- Apollo/LOW_NetworkPassive_Apollo.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Apollo/LOW_NetworkPassive_Apollo.yaml b/Apollo/LOW_NetworkPassive_Apollo.yaml index 26f1110..e66521f 100644 --- a/Apollo/LOW_NetworkPassive_Apollo.yaml +++ b/Apollo/LOW_NetworkPassive_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -# CS TrustedSec BOFs https://github.com/trustedsec/CS-Situational-Awareness-BOF +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF steps: - name: "IPConfig" @@ -87,4 +87,5 @@ steps: "arguments": [], "serialized_arguments": "00000000" }' - command_name: execute_coff \ No newline at end of file + + command_name: execute_coff From b44e097b2e1ca2c6c4de22c895bf4702bc3a48a1 Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 13:06:13 -0700 Subject: [PATCH 6/8] Update LOW_ProcessRecon_Apollo.yaml --- Apollo/LOW_ProcessRecon_Apollo.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Apollo/LOW_ProcessRecon_Apollo.yaml b/Apollo/LOW_ProcessRecon_Apollo.yaml index a8f60eb..1e8b165 100644 --- a/Apollo/LOW_ProcessRecon_Apollo.yaml +++ b/Apollo/LOW_ProcessRecon_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -# uses: https://github.com/trustedsec/CS-Situational-Awareness-BOF +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF steps: - name: "ProcessList" @@ -52,4 +52,5 @@ steps: "arguments": [], "serialized_arguments": "00000000" }' - command_name: execute_coff \ No newline at end of file + + command_name: execute_coff From 0ab025d80157434c7ad37006a7e32c1b0d3fe8a0 Mon Sep 17 00:00:00 2001 
From: Gavin Kramer Date: Tue, 12 Aug 2025 13:06:27 -0700 Subject: [PATCH 7/8] Update yaml to standardize BOF repo links --- Apollo/LOW_SystemRecon_Apollo.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Apollo/LOW_SystemRecon_Apollo.yaml b/Apollo/LOW_SystemRecon_Apollo.yaml index b6f73b8..5f3c117 100644 --- a/Apollo/LOW_SystemRecon_Apollo.yaml +++ b/Apollo/LOW_SystemRecon_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -# uses https://github.com/trustedsec/CS-Situational-Awareness-BOF +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF steps: - name: "WhoAmI" @@ -92,4 +92,5 @@ steps: "arguments": [], "serialized_arguments": "00000000" }' - command_name: execute_coff \ No newline at end of file + + command_name: execute_coff From 48d6143bddd224ad8f405c84ee974f2ac054b5cb Mon Sep 17 00:00:00 2001 From: Gavin Kramer Date: Tue, 12 Aug 2025 13:06:47 -0700 Subject: [PATCH 8/8] Update MEDIUM_CredentialPreperation_Apollo.yaml --- Apollo/MEDIUM_CredentialPreperation_Apollo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Apollo/MEDIUM_CredentialPreperation_Apollo.yaml b/Apollo/MEDIUM_CredentialPreperation_Apollo.yaml index 18001f5..725d231 100644 --- a/Apollo/MEDIUM_CredentialPreperation_Apollo.yaml +++ b/Apollo/MEDIUM_CredentialPreperation_Apollo.yaml @@ -8,7 +8,7 @@ keywords: - apollo_callback environment: {} -# uses: https://github.com/trustedsec/CS-Situational-Awareness-BOF, https://github.com/outflanknl/C2-Tool-Collection/tree/main/BOF/Klist +# Repository: https://github.com/trustedsec/CS-Situational-Awareness-BOF, https://github.com/outflanknl/C2-Tool-Collection/tree/main/BOF/Klist steps: - name: "Current User Context"