From 0db5a0261acfa93b2ff97f0ed8d3c4dcfc190157 Mon Sep 17 00:00:00 2001
From: Atomic Red Team GUID generator
Date: Mon, 6 Feb 2023 13:25:17 +0000
Subject: [PATCH] Generate GUIDs from job=generate-docs branch=master [skip ci]
---
 atomics/T1552.004/T1552.004.yaml | 3 +++
 atomics/used_guids.txt | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/atomics/T1552.004/T1552.004.yaml b/atomics/T1552.004/T1552.004.yaml
index 83b06ab3..8b4523fb 100644
--- a/atomics/T1552.004/T1552.004.yaml
+++ b/atomics/T1552.004/T1552.004.yaml
@@ -198,6 +198,7 @@ atomic_tests:
 Remove-Item -Path ".\ADFS_signing.pfx" -ErrorAction Ignore
 name: powershell
 - name: CertUtil ExportPFX
+ auto_generated_guid: 336b25bf-4514-4684-8924-474974f28137
 description: |
 The following Atomic test simulates adding a generic non-malicious certificate to the Root certificate store. This behavior generates a registry modification that adds the cloned root CA certificate in the keys outlined in the blog. In addition, this Atomic utilizes CertUtil to export the PFX (ExportPFX), similar to what was seen in the Golden SAML attack.
 Keys will look like - \SystemCertificates\CA\Certificates or \SystemCertificates\Root\Certificates
@@ -223,6 +224,7 @@ atomic_tests:
 name: powershell
 elevation_required: true
 - name: Export Root Certificate with Export-PFXCertificate
+ auto_generated_guid: 7617f689-bbd8-44bc-adcd-6f8968897848
 description: |
 Creates a Root certificate and exports it with Export-PFXCertificate PowerShell Cmdlet.
 Upon a successful attempt, this will write a pfx to disk and utilize the Cmdlet Export-PFXCertificate.
@@ -248,6 +250,7 @@ atomic_tests:
 name: powershell
 elevation_required: true
 - name: Export Root Certificate with Export-Certificate
+ auto_generated_guid: 78b274f8-acb0-428b-b1f7-7b0d0e73330a
 description: |
 Creates a Root certificate and exports it with Export-Certificate PowerShell Cmdlet.
 Upon a successful attempt, this will write a pfx to disk and utilize the Cmdlet Export-Certificate.
diff --git a/atomics/used_guids.txt b/atomics/used_guids.txt
index 0b98499a..18f02ef5 100644
--- a/atomics/used_guids.txt
+++ b/atomics/used_guids.txt
@@ -1220,3 +1220,6 @@ c6952f41-6cf0-450a-b352-2ca8dae7c178
 91f348e6-3760-4997-a93b-2ceee7f254ee
 39f1f378-ba8a-42b3-96dc-2a6540cfc1e3
 35727d9e-7a7f-4d0c-a259-dc3906d6e8b9
+336b25bf-4514-4684-8924-474974f28137
+7617f689-bbd8-44bc-adcd-6f8968897848
+78b274f8-acb0-428b-b1f7-7b0d0e73330a