security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2020-01-27 22:18:51 +00:00
parent 72ed340500
commit 4fc6a89bcf
2 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1069/T1069.md
+6 -5
View File
@@ -66,6 +66,7 @@ Basic Permission Groups Discovery for Windows
```
net localgroup
net group /domain
net group "domain admins" /domain
```
@@ -103,7 +104,7 @@ get-ADPrincipalGroupMembership #{user} | select name
<br/>
## Atomic Test #4 - Elevated group enumeration using net group
Runs 'net group' command including command aliases and loose typing to simulate enumeration/discovery of high value domain groups
Runs "net group" command including command aliases and loose typing to simulate enumeration/discovery of high value domain groups
**Supported Platforms:** Windows
@@ -111,10 +112,10 @@ Runs 'net group' command including command aliases and loose typing to simulate
#### Attack Commands: Run with `command_prompt`!
```
net group /domai 'Domain Admins'
net groups 'Account Operators' /doma
net groups 'Exchange Organization Management' /doma
net group 'BUILTIN\Backup Operators' /doma
net group /domai "Domain Admins"
net groups "Account Operators" /doma
net groups "Exchange Organization Management" /doma
net group "BUILTIN\Backup Operators" /doma
```
atomics/index.yaml
+7 -6
View File
@@ -17860,6 +17860,7 @@ discovery:
command: |
net localgroup
net group /domain
net group "domain admins" /domain
- name: Permission Groups Discovery PowerShell
description: 'Permission Groups Discovery utilizing PowerShell
@@ -17878,8 +17879,8 @@ discovery:
get-localgroup
get-ADPrincipalGroupMembership #{user} | select name
- name: Elevated group enumeration using net group
description: 'Runs ''net group'' command including command aliases and loose
typing to simulate enumeration/discovery of high value domain groups
description: 'Runs "net group" command including command aliases and loose typing
to simulate enumeration/discovery of high value domain groups
'
supported_platforms:
@@ -17888,10 +17889,10 @@ discovery:
name: command_prompt
elevation_required: false
command: |
net group /domai 'Domain Admins'
net groups 'Account Operators' /doma
net groups 'Exchange Organization Management' /doma
net group 'BUILTIN\Backup Operators' /doma
net group /domai "Domain Admins"
net groups "Account Operators" /doma
net groups "Exchange Organization Management" /doma
net group "BUILTIN\Backup Operators" /doma
T1057:
technique:
x_mitre_data_sources: