Add dataset for T1546.015 BitLocker COM Hijacking lateral movement

Author: AAtashGar

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/.gitattributes

@@ -0,0 +1 @@
+*.log filter=lfs diff=lfs merge=lfs -text

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/bitlocker_com_hijacking.yml

@@ -0,0 +1,23 @@
+---
+name: BitLocker COM Hijacking Lateral Movement
+id: b8f4c2a1-9e7d-4f3b-8a1c-5d9e7f2b6a3e
+version: 1
+date: '2025-11-25'
+author: Ali Atashgar (AAtashGar)
+type: dataset
+description: Simulated Windows Security and System events demonstrating the
+  BitLocker Network Unlock COM Object Hijacking lateral movement technique
+  (T1574.015 / T1546.015) using RemoteRegistry service enablement, HKCU CLSID
+  manipulation, and execution via baaupdate.exe or BdeUISrv.exe.
+references:
+  - https://ipurple.team/2025/08/04/lateral-movement-bitlocker/
+  - https://github.com/rtecCyberSec/BitlockMove
+attack_data:
+  - file_name: windows-security.log
+    data: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log
+    source: WinEventLog:Security
+    sourcetype: WinEventLog:Security
+  - file_name: windows-system.log
+    data: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log
+    source: WinEventLog:System
+    sourcetype: WinEventLog:System

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8a9cf4b18a6383c2baefec1bfab29f561bb3055d2dba9df3062f3f97a81def33
+size 7003

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52199fd95101d48968b9683959cd06e894d23f036480253c13862589222c182f
+size 1058