From 15b6f10135f31d232b16127c81300a8ab22e2334 Mon Sep 17 00:00:00 2001
From: Tony M Lambert
Date: Thu, 13 Dec 2018 10:06:12 -0600
Subject: [PATCH] T1009 Binary Padding reorg with variables (#425)
---
 atomics/T1009/T1009.yaml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/atomics/T1009/T1009.yaml b/atomics/T1009/T1009.yaml
index baa9a7b4..fbc9162e 100644
--- a/atomics/T1009/T1009.yaml
+++ b/atomics/T1009/T1009.yaml
@@ -3,20 +3,21 @@ attack_technique: T1009
 display_name: Binary Padding
 atomic_tests:
-- name: Pad Evil Binary to Change Hash
+- name: Pad Binary to Change Hash - Linux/macOS dd
 description: |
- Copies cat to create an "evil binary" and pads it with a zero to change the hash without harming execution
+ Uses dd to add a zero to the binary to change the hash
 supported_platforms:
 - macos
 - linux
-
+ input_arguments:
+ binary_to_pad:
+ description: Path of binary to be padded
+ type: Path
+ default: /tmp/EvilBinary
 executor:
 name: sh
 command: |
- cp /bin/cat /tmp/evilCat
- md5sum /tmp/evilCat
- dd if=/dev/zero bs=1 count=1 >> /tmp/evilCat
- md5sum /tmp/evilCat
- /tmp/evilCat .bash_profile
-
+ md5sum #{binary_to_pad}
+ dd if=/dev/zero bs=1 count=1 >> #{binary_to_pad}
+ md5sum #{binary_to_pad}
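Review bot: With the `cp /bin/cat /tmp/evilCat` line removed, nothing in the new `command` creates the file at `#{binary_to_pad}`, so with the default `/tmp/EvilBinary` the first `md5sum` fails and `dd ... >>` then creates a one-byte file instead of padding an executable; the before/after hash change a detection is meant to observe never happens on a real binary. Either keep a setup line for the default case, e.g. `cp /bin/cat "#{binary_to_pad}"`, or say in `description` that the file must already exist and is modified in place with no cleanup, so a tester who points the argument at an installed binary knows it will be altered. The argument is also substituted unquoted into `sh`; writing `"#{binary_to_pad}"` in all three commands keeps a path containing spaces or shell metacharacters from being split or interpreted. The dropped final line was also the only check that the padded file still executes, which the old description promised ("without harming execution").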