security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2025-10-10 21:43:49 +00:00
parent bf100b8920
commit 47c80ca1e1
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+3 -3
View File
@@ -61879,17 +61879,17 @@ persistence:
\nit is possible to use Outlook Macro as a way to achieve persistance and
execute arbitrary commands. This transform Outlook into a C2.\nToo achieve
this two things must happened on the syste\n- The macro security registry
value must be set to '4'\n- A file called VbaProject.OTM must be created in
value must be set to '1'\n- A file called VbaProject.OTM must be created in
the Outlook Folder.\n"
supported_platforms:
- windows
executor:
command: |
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /t REG_DWORD /d 1 /f
mkdir %APPDATA%\Microsoft\Outlook\ >nul 2>&1
echo "Atomic Red Team TEST" > %APPDATA%\Microsoft\Outlook\VbaProject.OTM
cleanup_command: |
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /f >nul 2>&1
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /f >nul 2>&1
del %APPDATA%\Microsoft\Outlook\VbaProject.OTM >nul 2>&1
name: command_prompt
T1098.003:
atomics/Indexes/windows-index.yaml
+3 -3
View File
@@ -51110,17 +51110,17 @@ persistence:
\nit is possible to use Outlook Macro as a way to achieve persistance and
execute arbitrary commands. This transform Outlook into a C2.\nToo achieve
this two things must happened on the syste\n- The macro security registry
value must be set to '4'\n- A file called VbaProject.OTM must be created in
value must be set to '1'\n- A file called VbaProject.OTM must be created in
the Outlook Folder.\n"
supported_platforms:
- windows
executor:
command: |
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /t REG_DWORD /d 1 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /t REG_DWORD /d 1 /f
mkdir %APPDATA%\Microsoft\Outlook\ >nul 2>&1
echo "Atomic Red Team TEST" > %APPDATA%\Microsoft\Outlook\VbaProject.OTM
cleanup_command: |
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security\Level" /f >nul 2>&1
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security" /v Level /f >nul 2>&1
del %APPDATA%\Microsoft\Outlook\VbaProject.OTM >nul 2>&1
name: command_prompt
T1098.003: