security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix link (#2593)

Browse Source
This commit is contained in:
art-labs
2023-11-06 19:33:38 -05:00
committed by GitHub
parent 157de65031
commit 18955ff270
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1654/T1654.yaml
+1 -1
View File
@@ -6,7 +6,7 @@ atomic_tests:
description: |-
Uses the built-in PowerShell commandlet Get-EventLog to search for 'SYSTEM' keyword and saves results to a text file.
This technique was observed in a (TheDFIRReport case)[https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/]
This technique was observed in a [TheDFIRReport case](https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/)
where the threat actor enumerated the Windows Security audit log to determine user accounts and associated IPv4 addresses.
Successful execution will save matching log events to the users temp folder.