security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New Atomic Test: PromptOnSecureDesktop (#2549)

Browse Source 
* New Atomic Test: PromptOnSecureDesktop

* Update T1548.002.yaml

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
Mohana Shankar D
2023-10-03 02:14:36 +05:30
committed by GitHub
parent 30947260a6
commit 3397666c5c
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1548.002/T1548.002.yaml
+14
View File
@@ -652,3 +652,17 @@ atomic_tests:
cleanup_command: |
Remove-Item #{commandpath} -Recurse -Force
name: powershell
- name: Disable UAC - Switch to the secure desktop when prompting for elevation via registry key
description: |
User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized.
This setting ensures that the elevation prompt is only used in secure desktop mode.
Disable User Account Conrol (UAC) for secure desktop by setting the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop to 0.
supported_platforms:
- windows
executor:
command: |-
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name PromptOnSecureDesktop -Value 0 -Type Dword -Force
cleanup_command: |
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name PromptOnSecureDesktop -Value 1 -Type Dword -Force
name: powershell
elevation_required: true