security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2022-07-29 15:07:10 +00:00
parent c343036e0c
commit 0b80c61208
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1546.015/T1546.015.yaml
+1
View File
@@ -96,6 +96,7 @@ atomic_tests:
Remove-Item -Path 'HKCU:\SOFTWARE\Classes\CLSID\#{clsid}' -Recurse -ErrorAction Ignore
name: powershell
- name: COM hijacking via TreatAs
auto_generated_guid: 33eacead-f117-4863-8eb0-5c6304fbfaa9
description: |-
This test first create a custom CLSID class pointing to the Windows Script Component runtime DLL. This DLL looks for the ScriptletURL key to get the location of the script to execute.
Then, it hijacks the CLSID for the Work Folders Logon Synchronization to establish persistence on user logon by creating the 'TreatAs' with the malicious CLSID as default value. The
atomics/used_guids.txt
+1
View File
@@ -1097,3 +1097,4 @@ df81db1b-066c-4802-9bc8-b6d030c3ba8e
ae9b2e3e-efa1-4483-86e2-fae529ab9fb6
a27418de-bdce-4ebd-b655-38f11142bf0c
1e40bb1d-195e-401e-a86b-c192f55e005c
33eacead-f117-4863-8eb0-5c6304fbfaa9