Merge pull request #181 from redcanaryco/yamilze-progress-sync

cleanup
2018-05-23 21:35:23 -06:00
parent c2b3901c28 b9eb8e1743
commit 414b289933
3 changed files with 0 additions and 37 deletions
@@ -1,21 +0,0 @@
-## Application Shimming
-
-MITRE ATT&CK Technique: [T1138](https://attack.mitre.org/wiki/Technique/T1138)
-
-#### Deploying a custom shim database to users requires the following actions:
-
-##### 1.) Placing the custom shim database (*.sdb file) in a location to which the user’s computer has access (either locally or on the network)
-
-##### 2.) Possibly calling the sdbinst.exe command-line utility to install the custom shim database locally.
-
-##### 3.) Registry Modification - This is completed either manually or by an installation tool.
-
-    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
-
-    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
-
-#### Detecting the shim execution is difficult. We suggest detection of Shim Installation.
-
-## Test Script
-
-[AppCompatShims](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/AppCompatShims)
@@ -1,5 +0,0 @@
-## Authentication Package
-
-MITRE ATT&CK Technique: [T1131](https://attack.mitre.org/wiki/Technique/T1131)
-
-     HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
@@ -1,11 +0,0 @@
-## Hooking
-
-MITRE ATT&CK Technique: [T1179](https://attack.mitre.org/wiki/Technique/T1179)
-
-### Sample Windows DLL Injection into PowerShell
-
-     mavinject $pid /INJECTRUNNING C:\Atomic\AtomicSSLHook.dll
-
-## Test Script
-
-[AtomicSSLHook.dll](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/Hooking/)