Merge pull request #1098 from AAtashGar/dataset/bitlocker

Add dataset for T1546.015 BitLocker COM Hijacking lateral movement

Author: nasbench

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/bitlocker_com_hijacking.yml

@@ -0,0 +1,17 @@
+author: Ali Atashgar (AAtashGar)
+id: b8f4c2a1-9e7d-4f3b-8a1c-5d9e7f2b6a3e
+date: '2025-11-25'
+description: Simulated Windows Security and System events demonstrating the BitLocker Network Unlock COM Object Hijacking lateral movement technique (T1574.015 / T1546.015) using RemoteRegistry service enablement, HKCU CLSID manipulation, and execution via baaupdate.exe or BdeUISrv.exe.
+environment: NA
+directory: bitlocker_com_hijacking
+mitre_technique:
+  - T1546.015
+datasets:
+  - name: windows-security.log
+    path: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log
+    source: XmlWinEventLog:Security
+    sourcetype: XmlWinEventLog
+  - name: windows-system.log
+    path: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log
+    source: XmlWinEventLog:System
+    sourcetype: XmlWinEventLog

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bb99bf5fb415c94fa697ac1138158028fb03f350df587112c6d715bf43876761
+size 8856

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ebb20bfbf74c279370b775db9f2061296c9b0c52bc0092bb987750ef0f1525f
+size 1704