atomics/T1124/T1124.yaml

---
attack_technique: T1124
display_name: System Time Discovery

atomic_tests:
- name: System Time Discovery
  description: |
    Identify the system time

  supported_platforms:
    - windows

  input_arguments:
    computer_name:
      description: computer name to query
      type: string
      default: computer1

  executor:
    name: command_prompt
    elevation_required: false
    command: |
      net time \\#{computer_name}
      w32tm /tz

- name: System Time Discovery - PowerShell
  description: |
    Identify the system time via PowerShell

  supported_platforms:
    - windows

  executor:
    name: powershell
    elevation_required: false
    command: |
      Get-Date
T1124 2018-05-25 08:15:00 -04:00			`---`
			`attack_technique: T1124`
			`display_name: System Time Discovery`

			`atomic_tests:`
			`- name: System Time Discovery`
			`description: \|`
			`Identify the system time`

			`supported_platforms:`
			`- windows`

			`input_arguments:`
formatting 2018-05-27 15:42:23 +01:00			`computer_name:`
T1124 2018-05-25 08:15:00 -04:00			`description: computer name to query`
			`type: string`
			`default: computer1`

			`executor:`
			`name: command_prompt`
Add elevated (#542 ) 2019-09-03 07:34:42 -06:00			`elevation_required: false`
T1124 2018-05-25 08:15:00 -04:00			`command: \|`
Technique fixes 2018-08-31 07:59:05 -04:00			`net time \\#{computer_name}`
T1124 2018-05-25 08:15:00 -04:00			`w32tm /tz`

			`- name: System Time Discovery - PowerShell`
			`description: \|`
			`Identify the system time via PowerShell`

			`supported_platforms:`
			`- windows`

			`executor:`
			`name: powershell`
Add elevated (#542 ) 2019-09-03 07:34:42 -06:00			`elevation_required: false`
T1124 2018-05-25 08:15:00 -04:00			`command: \|`
Powershell fixes 2018-09-05 11:35:24 -04:00			`Get-Date`