security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate GUIDs from job=generate-docs branch=master [skip ci]

Browse Source
This commit is contained in:
Atomic Red Team GUID generator
2022-09-09 20:27:22 +00:00
parent 5067af0634
commit 36c852a2d7
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1546.012/T1546.012.yaml
+1
View File
@@ -50,6 +50,7 @@ atomic_tests:
name: command_prompt
elevation_required: true
- name: GlobalFlags in Image File Execution Options
auto_generated_guid: 13117939-c9b2-4a43-999e-0a543df92f0d
description: |
The following Atomic Test will create a GlobalFlag key under Image File Execution Options, also a SilentProcessExit Key with ReportingMode and MonitorProcess values. This test is similar to a recent CanaryToken that will generate an EventCode 3000 in the Application log when a command, whoami.exe for example, is executed.
Upon running Whoami.exe, a command shell will spawn and start calc.exe based on the MonitorProcess value.
atomics/used_guids.txt
+1
View File
@@ -1145,3 +1145,4 @@ f450461c-18d1-4452-9f0d-2c42c3f08624
59dbeb1a-79a7-4c2a-baf4-46d0f4c761c4
c2587b8d-743d-4985-aa50-c83394eaeb68
d5d5a6b0-0f92-42d8-985d-47aafa2dd4db
13117939-c9b2-4a43-999e-0a543df92f0d