Carrie Roberts
2020-07-02 17:19:33 -06:00
committed by GitHub
parent 06ea87f94f
commit 0450aa2edd
+3 -3
@@ -8,7 +8,7 @@ atomic_tests:
powershell -c "Get-WmiObject win32_service | select PathName" (check service file location) and
copy /Y C:\temp\payload.exe C:\ProgramData\folder\Update\weakpermissionfile.exe ( replace weak permission file with malicious file )
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read "T1574.010 Malicious file". To verify
the weak file permissions, open File Explorer to%temp%\T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
supported_platforms:
- windows
@@ -16,7 +16,7 @@ atomic_tests:
malicious_file:
description: File to replace weak permission file with
type: path
default: $env:TEMP\ T1574.010\ T1574.010_malicious_file.txt
default: $env:TEMP\T1574.010\T1574.010_malicious_file.txt
weak_permission_file:
description: check weak files permission
type: path
@@ -35,7 +35,7 @@ atomic_tests:
prereq_command: |
if (Test-Path #{malicious_file}) {exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory -Path $env:TEMP\ T1574.010\ -Force | Out-Null
New-Item -Type Directory -Path $env:TEMP\T1574.010\ -Force | Out-Null
New-Item #{malicious_file} -Force | Out-Null
Set-Content -Path #{malicious_file} -Value " T1574.010 Malicious file"
executor:
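Review bot: The `Set-Content` line in the third hunk still writes `" T1574.010 Malicious file"` with a leading space, while the description updated in the first hunk now tells the operator to verify that the contents read `"T1574.010 Malicious file"`. Anyone validating the test by exact comparison will see a mismatch, so the value should become `Set-Content -Path #{malicious_file} -Value "T1574.010 Malicious file"`. The description's last sentence also still reads `to%temp%\T1574.010_weak_permission_file.exe`, which is missing a space and uses `.exe` where the sentence before it names the `.txt` file; this looks like a leftover typo worth fixing in the same pass. The test definition continues outside the visible hunks, so the executor command could not be checked against these paths.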