security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1037.yaml (#592)

Browse Source 
* Adding T1086 Alternate Data Stream atomic

* Added newline T1086

* Syncing changes with updstream and origin.

* Added Cleanup to Logon Scripts Atomic T1037

* Added timout to allow time for detection logic to register change.

* Fixed issue with upstream sync,  Re-added timout to allow time for detection logic.

* Fixed cleanup command. Yaml tag not working to allow it to run.

* Update T1158 test 11. 

Corrected ADS syntax. Added loop to run embedded ADS command from shell. Also added cleanup code.

* Update T1037.yaml

Moved Reg delete command under the cleanup_command tag for consistency.

* Update T1037.yaml

Moved reg removal command under cleanup_command tag for consistency.
This commit is contained in:
dwhite9
2019-10-21 16:04:17 -05:00
committed by Michael Haag
parent c903c6c00e
commit 2c8c26fb71
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1037/T1037.yaml
+1 -1
View File
@@ -21,7 +21,7 @@ atomic_tests:
elevation_required: false
command: |
REG.exe ADD HKCU\Environment /v UserInitMprLogonScript /t REG_MULTI_SZ /d "#{script_command}"
REM cleanup command below.
cleanup_command: |
REG.exe DELETE HKCU\Environment /v UserInitMprLogonScript /f
- name: Logon Scripts - Mac