Generated docs from job=generate-docs branch=master [ci skip]

2024-08-03 01:37:27 +00:00
parent de8cc181a6
commit 30a2f6f601
12 changed files with 64 additions and 3 deletions
@@ -2,7 +2,7 @@

 # Atomic Red Team

-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1628-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1629-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)

 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use
@@ -1792,6 +1792,7 @@ discovery,T1082,System Information Discovery,30,BIOS Information Discovery throu
 discovery,T1082,System Information Discovery,31,ESXi - VM Discovery using ESXCLI,2040405c-eea6-4c1c-aef3-c2acc430fac9,command_prompt
 discovery,T1082,System Information Discovery,32,ESXi - Darkside system information discovery,f89812e5-67d1-4f49-86fa-cbc6609ea86a,command_prompt
 discovery,T1082,System Information Discovery,33,sysctl to gather macOS hardware info,c8d40da9-31bd-47da-a497-11ea55d1ef6c,sh
+discovery,T1082,System Information Discovery,34,operating system discovery ,70e13ef4-5a74-47e4-9d16-760b41b0e2db,powershell
 discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
 discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
 discovery,T1580,Cloud Infrastructure Discovery,1,AWS - EC2 Enumeration from Cloud Instance,99ee161b-dcb1-4276-8ecb-7cfdcb207820,sh
@@ -1205,6 +1205,7 @@ discovery,T1082,System Information Discovery,29,Check computer location,96be6002
 discovery,T1082,System Information Discovery,30,BIOS Information Discovery through Registry,f2f91612-d904-49d7-87c2-6c165d23bead,command_prompt
 discovery,T1082,System Information Discovery,31,ESXi - VM Discovery using ESXCLI,2040405c-eea6-4c1c-aef3-c2acc430fac9,command_prompt
 discovery,T1082,System Information Discovery,32,ESXi - Darkside system information discovery,f89812e5-67d1-4f49-86fa-cbc6609ea86a,command_prompt
+discovery,T1082,System Information Discovery,34,operating system discovery ,70e13ef4-5a74-47e4-9d16-760b41b0e2db,powershell
 discovery,T1016.002,System Network Configuration Discovery: Wi-Fi Discovery,1,Enumerate Stored Wi-Fi Profiles And Passwords via netsh,53cf1903-0fa7-4177-ab14-f358ae809eec,command_prompt
 discovery,T1010,Application Window Discovery,1,List Process Main Windows - C# .NET,fe94a1c3-3e22-4dc9-9fdf-3a8bdbc10dc4,command_prompt
 discovery,T1217,Browser Bookmark Discovery,5,List Google Chrome / Opera Bookmarks on Windows with powershell,faab755e-4299-48ec-8202-fc7885eb6545,powershell
@@ -2451,6 +2451,7 @@
  - Atomic Test #31: ESXi - VM Discovery using ESXCLI [windows]
  - Atomic Test #32: ESXi - Darkside system information discovery [windows]
  - Atomic Test #33: sysctl to gather macOS hardware info [macos]
+  - Atomic Test #34: operating system discovery  [windows]
 - [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
  - Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
 - [T1010 Application Window Discovery](../../T1010/T1010.md)
@@ -1713,6 +1713,7 @@
  - Atomic Test #30: BIOS Information Discovery through Registry [windows]
  - Atomic Test #31: ESXi - VM Discovery using ESXCLI [windows]
  - Atomic Test #32: ESXi - Darkside system information discovery [windows]
+  - Atomic Test #34: operating system discovery  [windows]
 - [T1016.002 System Network Configuration Discovery: Wi-Fi Discovery](../../T1016.002/T1016.002.md)
  - Atomic Test #1: Enumerate Stored Wi-Fi Profiles And Passwords via netsh [windows]
 - [T1010 Application Window Discovery](../../T1010/T1010.md)
@@ -101624,6 +101624,18 @@ discovery:
        command: sysctl -n hw.model
        name: sh
        elevation_required: false
+    - name: 'operating system discovery '
+      auto_generated_guid: 70e13ef4-5a74-47e4-9d16-760b41b0e2db
+      description: |-
+        operating system discovery using get-ciminstance
+        https://petri.com/getting-operating-system-information-powershell/
+      supported_platforms:
+      - windows
+      executor:
+        command: Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version,
+          ServicePackMajorVersion, OSArchitecture, CSName, WindowsDirectory | Out-null
+        name: powershell
+        elevation_required: false
  T1016.002:
    technique:
      modified: '2023-10-05T11:35:30.887Z'
@@ -83285,6 +83285,18 @@ discovery:
          '
        name: command_prompt
        elevation_required: false
+    - name: 'operating system discovery '
+      auto_generated_guid: 70e13ef4-5a74-47e4-9d16-760b41b0e2db
+      description: |-
+        operating system discovery using get-ciminstance
+        https://petri.com/getting-operating-system-information-powershell/
+      supported_platforms:
+      - windows
+      executor:
+        command: Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version,
+          ServicePackMajorVersion, OSArchitecture, CSName, WindowsDirectory | Out-null
+        name: powershell
+        elevation_required: false
  T1016.002:
    technique:
      modified: '2023-10-05T11:35:30.887Z'
@@ -74,6 +74,8 @@ Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure a

 - [Atomic Test #33 - sysctl to gather macOS hardware info](#atomic-test-33---sysctl-to-gather-macos-hardware-info)

+- [Atomic Test #34 - operating system discovery ](#atomic-test-34---operating-system-discovery-)
+

 <br/>

@@ -1191,4 +1193,33 @@ sysctl -n hw.model



+<br/>
+<br/>
+
+## Atomic Test #34 - operating system discovery 
+operating system discovery using get-ciminstance
+https://petri.com/getting-operating-system-information-powershell/
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 70e13ef4-5a74-47e4-9d16-760b41b0e2db
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, ServicePackMajorVersion, OSArchitecture, CSName, WindowsDirectory | Out-null
+```
+
+
+
+
+
+
 <br/>
@@ -528,6 +528,7 @@ atomic_tests:
    name: sh
    elevation_required: false
 - name: 'operating system discovery '
+  auto_generated_guid: 70e13ef4-5a74-47e4-9d16-760b41b0e2db
  description: |-
    operating system discovery using get-ciminstance
    https://petri.com/getting-operating-system-information-powershell/
@@ -1667,3 +1667,4 @@ c095ad8e-4469-4d33-be9d-6f6d1fb21585
 fdd45306-74f6-4ade-9a97-0a4895961228
 2db7852e-5a32-4ec7-937f-f4e027881700
 5510d22f-2595-4911-8456-4d630c978616
+70e13ef4-5a74-47e4-9d16-760b41b0e2db