security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix T1543.001 Test 2 Defaults (#2338)

Browse Source 
Co-authored-by: Nathan McNulty <nathanmcnulty@outlook.com>
This commit is contained in:
Nathan McNulty
2023-02-20 20:35:11 -08:00
committed by GitHub
parent 3da64960cd
commit 41393c010f
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1543.001/T1543.001.md
+2 -2
View File
@@ -83,8 +83,8 @@ This test adds persistence via a plist to execute via the macOS Event Monitor Da
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| script_location | evil plist location | path | $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist|
| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1053_004.plist|
| script_location | evil plist location | path | $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist|
| script_destination | Path where to move the evil plist | path | /etc/emond.d/rules/atomicredteam_T1543_001.plist|
| empty_file | Random name of the empty file used to trigger emond service | string | randomflag|
atomics/T1543.001/T1543.001.yaml
+2 -2
View File
@@ -45,11 +45,11 @@ atomic_tests:
script_location:
description: evil plist location
type: path
default: $PathToAtomicsFolder/T1053.004/src/atomicredteam_T1053_004.plist
default: $PathToAtomicsFolder/T1543.001/src/atomicredteam_T1543_001.plist
script_destination:
description: Path where to move the evil plist
type: path
default: /etc/emond.d/rules/atomicredteam_T1053_004.plist
default: /etc/emond.d/rules/atomicredteam_T1543_001.plist
empty_file:
description: Random name of the empty file used to trigger emond service
type: string