Add test for T1518 that displays Internet Explorer Version (#605)
This commit is contained in:
Jake Hill
@@ -0,0 +1,18 @@
|
||||
---
|
||||
attack_technique: T1518
|
||||
display_name: Software Discovery
|
||||
|
||||
atomic_tests:
|
||||
- name: Find and Display Iinternet Explorer Browser Version
|
||||
description: |
|
||||
Adversaries may attempt to get a listing of non-security related software that is installed on the system. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors
|
||||
|
||||
supported_platforms:
|
||||
- windows
|
||||
|
||||
executor:
|
||||
name: command_prompt
|
||||
elevation_required: false # indicates whether command must be run with admin privileges. If the elevation_required attribute is not defined, the value is assumed to be false
|
||||
command: | # these are the actaul attack commands, at least one command must be provided
|
||||
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer" /v svcVersion
|
||||
|
||||
Reference in New Issue
Block a user