Generate docs from job=validate_atomics_generate_docs branch=master

atomics/Indexes/Indexes-CSV/index.csv

@@ -142,21 +142,17 @@ defense-evasion,T1107,File Deletion,8,Delete Filesystem - Linux
 defense-evasion,T1107,File Deletion,9,Delete-PrefetchFile
 defense-evasion,T1107,File Deletion,10,Delete TeamViewer Log Files
 defense-evasion,T1222,File and Directory Permissions Modification,1,Take ownership using takeown utility
-defense-evasion,T1222,File and Directory Permissions Modification,2,Take ownership recursively using takeown utility
-defense-evasion,T1222,File and Directory Permissions Modification,3,cacls - Grant permission to specified user or group
-defense-evasion,T1222,File and Directory Permissions Modification,4,cacls - Grant permission to specified user or group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,5,icacls - Grant permission to specified user or group
-defense-evasion,T1222,File and Directory Permissions Modification,6,icacls - Grant permission to specified user or group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,7,attrib - Remove read-only attribute
-defense-evasion,T1222,File and Directory Permissions Modification,8,chmod - Change file or folder mode (numeric mode)
-defense-evasion,T1222,File and Directory Permissions Modification,9,chmod - Change file or folder mode (symbolic mode)
-defense-evasion,T1222,File and Directory Permissions Modification,10,chmod - Change file or folder mode (numeric mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,11,chmod - Change file or folder mode (symbolic mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,12,chown - Change file or folder ownership and group
-defense-evasion,T1222,File and Directory Permissions Modification,13,chown - Change file or folder ownership and group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,14,chown - Change file or folder mode ownership only
-defense-evasion,T1222,File and Directory Permissions Modification,15,chown - Change file or folder ownership recursively
-defense-evasion,T1222,File and Directory Permissions Modification,16,chattr - Remove immutable file attribute
+defense-evasion,T1222,File and Directory Permissions Modification,2,cacls - Grant permission to specified user or group recursively
+defense-evasion,T1222,File and Directory Permissions Modification,3,attrib - Remove read-only attribute
+defense-evasion,T1222,File and Directory Permissions Modification,4,chmod - Change file or folder mode (numeric mode)
+defense-evasion,T1222,File and Directory Permissions Modification,5,chmod - Change file or folder mode (symbolic mode)
+defense-evasion,T1222,File and Directory Permissions Modification,6,chmod - Change file or folder mode (numeric mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,7,chmod - Change file or folder mode (symbolic mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,8,chown - Change file or folder ownership and group
+defense-evasion,T1222,File and Directory Permissions Modification,9,chown - Change file or folder ownership and group recursively
+defense-evasion,T1222,File and Directory Permissions Modification,10,chown - Change file or folder mode ownership only
+defense-evasion,T1222,File and Directory Permissions Modification,11,chown - Change file or folder ownership recursively
+defense-evasion,T1222,File and Directory Permissions Modification,12,chattr - Remove immutable file attribute
 defense-evasion,T1144,Gatekeeper Bypass,1,Gatekeeper Bypass
 defense-evasion,T1148,HISTCONTROL,1,Disable history collection
 defense-evasion,T1148,HISTCONTROL,2,Mac HISTCONTROL

atomics/Indexes/Indexes-CSV/linux-index.csv

@@ -76,15 +76,15 @@ defense-evasion,T1107,File Deletion,1,Delete a single file - Linux/macOS
 defense-evasion,T1107,File Deletion,2,Delete an entire folder - Linux/macOS
 defense-evasion,T1107,File Deletion,3,Overwrite and delete a file with shred
 defense-evasion,T1107,File Deletion,8,Delete Filesystem - Linux
-defense-evasion,T1222,File and Directory Permissions Modification,8,chmod - Change file or folder mode (numeric mode)
-defense-evasion,T1222,File and Directory Permissions Modification,9,chmod - Change file or folder mode (symbolic mode)
-defense-evasion,T1222,File and Directory Permissions Modification,10,chmod - Change file or folder mode (numeric mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,11,chmod - Change file or folder mode (symbolic mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,12,chown - Change file or folder ownership and group
-defense-evasion,T1222,File and Directory Permissions Modification,13,chown - Change file or folder ownership and group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,14,chown - Change file or folder mode ownership only
-defense-evasion,T1222,File and Directory Permissions Modification,15,chown - Change file or folder ownership recursively
-defense-evasion,T1222,File and Directory Permissions Modification,16,chattr - Remove immutable file attribute
+defense-evasion,T1222,File and Directory Permissions Modification,4,chmod - Change file or folder mode (numeric mode)
+defense-evasion,T1222,File and Directory Permissions Modification,5,chmod - Change file or folder mode (symbolic mode)
+defense-evasion,T1222,File and Directory Permissions Modification,6,chmod - Change file or folder mode (numeric mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,7,chmod - Change file or folder mode (symbolic mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,8,chown - Change file or folder ownership and group
+defense-evasion,T1222,File and Directory Permissions Modification,9,chown - Change file or folder ownership and group recursively
+defense-evasion,T1222,File and Directory Permissions Modification,10,chown - Change file or folder mode ownership only
+defense-evasion,T1222,File and Directory Permissions Modification,11,chown - Change file or folder ownership recursively
+defense-evasion,T1222,File and Directory Permissions Modification,12,chattr - Remove immutable file attribute
 defense-evasion,T1148,HISTCONTROL,1,Disable history collection
 defense-evasion,T1148,HISTCONTROL,2,Mac HISTCONTROL
 defense-evasion,T1158,Hidden Files and Directories,1,Create a hidden file in a hidden directory

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -109,15 +109,15 @@ defense-evasion,T1089,Disabling Security Tools,6,Disable LittleSnitch
 defense-evasion,T1089,Disabling Security Tools,7,Disable OpenDNS Umbrella
 defense-evasion,T1107,File Deletion,1,Delete a single file - Linux/macOS
 defense-evasion,T1107,File Deletion,2,Delete an entire folder - Linux/macOS
-defense-evasion,T1222,File and Directory Permissions Modification,8,chmod - Change file or folder mode (numeric mode)
-defense-evasion,T1222,File and Directory Permissions Modification,9,chmod - Change file or folder mode (symbolic mode)
-defense-evasion,T1222,File and Directory Permissions Modification,10,chmod - Change file or folder mode (numeric mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,11,chmod - Change file or folder mode (symbolic mode) recursively
-defense-evasion,T1222,File and Directory Permissions Modification,12,chown - Change file or folder ownership and group
-defense-evasion,T1222,File and Directory Permissions Modification,13,chown - Change file or folder ownership and group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,14,chown - Change file or folder mode ownership only
-defense-evasion,T1222,File and Directory Permissions Modification,15,chown - Change file or folder ownership recursively
-defense-evasion,T1222,File and Directory Permissions Modification,16,chattr - Remove immutable file attribute
+defense-evasion,T1222,File and Directory Permissions Modification,4,chmod - Change file or folder mode (numeric mode)
+defense-evasion,T1222,File and Directory Permissions Modification,5,chmod - Change file or folder mode (symbolic mode)
+defense-evasion,T1222,File and Directory Permissions Modification,6,chmod - Change file or folder mode (numeric mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,7,chmod - Change file or folder mode (symbolic mode) recursively
+defense-evasion,T1222,File and Directory Permissions Modification,8,chown - Change file or folder ownership and group
+defense-evasion,T1222,File and Directory Permissions Modification,9,chown - Change file or folder ownership and group recursively
+defense-evasion,T1222,File and Directory Permissions Modification,10,chown - Change file or folder mode ownership only
+defense-evasion,T1222,File and Directory Permissions Modification,11,chown - Change file or folder ownership recursively
+defense-evasion,T1222,File and Directory Permissions Modification,12,chattr - Remove immutable file attribute
 defense-evasion,T1144,Gatekeeper Bypass,1,Gatekeeper Bypass
 defense-evasion,T1148,HISTCONTROL,1,Disable history collection
 defense-evasion,T1148,HISTCONTROL,2,Mac HISTCONTROL

atomics/Indexes/Indexes-CSV/windows-index.csv

@@ -40,12 +40,8 @@ defense-evasion,T1107,File Deletion,7,Delete an entire folder - Windows PowerShe
 defense-evasion,T1107,File Deletion,9,Delete-PrefetchFile
 defense-evasion,T1107,File Deletion,10,Delete TeamViewer Log Files
 defense-evasion,T1222,File and Directory Permissions Modification,1,Take ownership using takeown utility
-defense-evasion,T1222,File and Directory Permissions Modification,2,Take ownership recursively using takeown utility
-defense-evasion,T1222,File and Directory Permissions Modification,3,cacls - Grant permission to specified user or group
-defense-evasion,T1222,File and Directory Permissions Modification,4,cacls - Grant permission to specified user or group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,5,icacls - Grant permission to specified user or group
-defense-evasion,T1222,File and Directory Permissions Modification,6,icacls - Grant permission to specified user or group recursively
-defense-evasion,T1222,File and Directory Permissions Modification,7,attrib - Remove read-only attribute
+defense-evasion,T1222,File and Directory Permissions Modification,2,cacls - Grant permission to specified user or group recursively
+defense-evasion,T1222,File and Directory Permissions Modification,3,attrib - Remove read-only attribute
 defense-evasion,T1158,Hidden Files and Directories,3,Create Windows System File with Attrib
 defense-evasion,T1158,Hidden Files and Directories,4,Create Windows Hidden File with Attrib
 defense-evasion,T1158,Hidden Files and Directories,8,Create ADS command prompt

atomics/Indexes/Indexes-Markdown/index.md

@@ -233,21 +233,17 @@
 - T1006 File System Logical Offsets [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
   - Atomic Test #1: Take ownership using takeown utility [windows]
-  - Atomic Test #2: Take ownership recursively using takeown utility [windows]
-  - Atomic Test #3: cacls - Grant permission to specified user or group [windows]
-  - Atomic Test #4: cacls - Grant permission to specified user or group recursively [windows]
-  - Atomic Test #5: icacls - Grant permission to specified user or group [windows]
-  - Atomic Test #6: icacls - Grant permission to specified user or group recursively [windows]
-  - Atomic Test #7: attrib - Remove read-only attribute [windows]
-  - Atomic Test #8: chmod - Change file or folder mode (numeric mode) [macos, linux]
-  - Atomic Test #9: chmod - Change file or folder mode (symbolic mode) [macos, linux]
-  - Atomic Test #10: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
-  - Atomic Test #11: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
-  - Atomic Test #12: chown - Change file or folder ownership and group [macos, linux]
-  - Atomic Test #13: chown - Change file or folder ownership and group recursively [macos, linux]
-  - Atomic Test #14: chown - Change file or folder mode ownership only [macos, linux]
-  - Atomic Test #15: chown - Change file or folder ownership recursively [macos, linux]
-  - Atomic Test #16: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #2: cacls - Grant permission to specified user or group recursively [windows]
+  - Atomic Test #3: attrib - Remove read-only attribute [windows]
+  - Atomic Test #4: chmod - Change file or folder mode (numeric mode) [macos, linux]
+  - Atomic Test #5: chmod - Change file or folder mode (symbolic mode) [macos, linux]
+  - Atomic Test #6: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
+  - Atomic Test #7: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
+  - Atomic Test #8: chown - Change file or folder ownership and group [macos, linux]
+  - Atomic Test #9: chown - Change file or folder ownership and group recursively [macos, linux]
+  - Atomic Test #10: chown - Change file or folder mode ownership only [macos, linux]
+  - Atomic Test #11: chown - Change file or folder ownership recursively [macos, linux]
+  - Atomic Test #12: chattr - Remove immutable file attribute [macos, linux]
 - [T1144 Gatekeeper Bypass](../../T1144/T1144.md)
   - Atomic Test #1: Gatekeeper Bypass [macos]
 - T1484 Group Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)

atomics/Indexes/Indexes-Markdown/linux-index.md

@@ -159,15 +159,15 @@
   - Atomic Test #3: Overwrite and delete a file with shred [linux]
   - Atomic Test #8: Delete Filesystem - Linux [linux]
 - [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
-  - Atomic Test #8: chmod - Change file or folder mode (numeric mode) [macos, linux]
-  - Atomic Test #9: chmod - Change file or folder mode (symbolic mode) [macos, linux]
-  - Atomic Test #10: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
-  - Atomic Test #11: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
-  - Atomic Test #12: chown - Change file or folder ownership and group [macos, linux]
-  - Atomic Test #13: chown - Change file or folder ownership and group recursively [macos, linux]
-  - Atomic Test #14: chown - Change file or folder mode ownership only [macos, linux]
-  - Atomic Test #15: chown - Change file or folder ownership recursively [macos, linux]
-  - Atomic Test #16: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #4: chmod - Change file or folder mode (numeric mode) [macos, linux]
+  - Atomic Test #5: chmod - Change file or folder mode (symbolic mode) [macos, linux]
+  - Atomic Test #6: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
+  - Atomic Test #7: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
+  - Atomic Test #8: chown - Change file or folder ownership and group [macos, linux]
+  - Atomic Test #9: chown - Change file or folder ownership and group recursively [macos, linux]
+  - Atomic Test #10: chown - Change file or folder mode ownership only [macos, linux]
+  - Atomic Test #11: chown - Change file or folder ownership recursively [macos, linux]
+  - Atomic Test #12: chattr - Remove immutable file attribute [macos, linux]
 - [T1148 HISTCONTROL](../../T1148/T1148.md)
   - Atomic Test #1: Disable history collection [linux, macos]
   - Atomic Test #2: Mac HISTCONTROL [macos, linux]

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -249,15 +249,15 @@
   - Atomic Test #1: Delete a single file - Linux/macOS [linux, macos]
   - Atomic Test #2: Delete an entire folder - Linux/macOS [linux, macos]
 - [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
-  - Atomic Test #8: chmod - Change file or folder mode (numeric mode) [macos, linux]
-  - Atomic Test #9: chmod - Change file or folder mode (symbolic mode) [macos, linux]
-  - Atomic Test #10: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
-  - Atomic Test #11: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
-  - Atomic Test #12: chown - Change file or folder ownership and group [macos, linux]
-  - Atomic Test #13: chown - Change file or folder ownership and group recursively [macos, linux]
-  - Atomic Test #14: chown - Change file or folder mode ownership only [macos, linux]
-  - Atomic Test #15: chown - Change file or folder ownership recursively [macos, linux]
-  - Atomic Test #16: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #4: chmod - Change file or folder mode (numeric mode) [macos, linux]
+  - Atomic Test #5: chmod - Change file or folder mode (symbolic mode) [macos, linux]
+  - Atomic Test #6: chmod - Change file or folder mode (numeric mode) recursively [macos, linux]
+  - Atomic Test #7: chmod - Change file or folder mode (symbolic mode) recursively [macos, linux]
+  - Atomic Test #8: chown - Change file or folder ownership and group [macos, linux]
+  - Atomic Test #9: chown - Change file or folder ownership and group recursively [macos, linux]
+  - Atomic Test #10: chown - Change file or folder mode ownership only [macos, linux]
+  - Atomic Test #11: chown - Change file or folder ownership recursively [macos, linux]
+  - Atomic Test #12: chattr - Remove immutable file attribute [macos, linux]
 - [T1144 Gatekeeper Bypass](../../T1144/T1144.md)
   - Atomic Test #1: Gatekeeper Bypass [macos]
 - [T1148 HISTCONTROL](../../T1148/T1148.md)

atomics/Indexes/Indexes-Markdown/windows-index.md

@@ -64,12 +64,8 @@
 - T1006 File System Logical Offsets [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1222 File and Directory Permissions Modification](../../T1222/T1222.md)
   - Atomic Test #1: Take ownership using takeown utility [windows]
-  - Atomic Test #2: Take ownership recursively using takeown utility [windows]
-  - Atomic Test #3: cacls - Grant permission to specified user or group [windows]
-  - Atomic Test #4: cacls - Grant permission to specified user or group recursively [windows]
-  - Atomic Test #5: icacls - Grant permission to specified user or group [windows]
-  - Atomic Test #6: icacls - Grant permission to specified user or group recursively [windows]
-  - Atomic Test #7: attrib - Remove read-only attribute [windows]
+  - Atomic Test #2: cacls - Grant permission to specified user or group recursively [windows]
+  - Atomic Test #3: attrib - Remove read-only attribute [windows]
 - T1484 Group Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1158 Hidden Files and Directories](../../T1158/T1158.md)
   - Atomic Test #3: Create Windows System File with Attrib [windows]

atomics/Indexes/index.yaml

@@ -7662,138 +7662,82 @@ defense-evasion:
       identifier: T1222
     atomic_tests:
     - name: Take ownership using takeown utility
-      description: 'Modifies the filesystem permissions of the specified file or folder
-        to take ownership of the object.
-
-'
+      description: |
+        Modifies the filesystem permissions of the specified file or folder to take ownership of the object. Upon execution, "SUCCESS" will
+        be displayed for the folder and each file inside of it.
       supported_platforms:
       - windows
       input_arguments:
         file_folder_to_own:
           description: Path of the file or folder for takeown to take ownership.
           type: path
-          default: PathToAtomicsFolder\T1222\T1222.yaml
+          default: "%temp%\\T1222_takeown_folder"
+      dependency_executor_name: command_prompt
+      dependencies:
+      - description: Test requrires a file to take ownership of to be located at (#{file_folder_to_own})
+        prereq_command: 'IF EXIST #{file_folder_to_own} ( EXIT 0 ) ELSE ( EXIT 1 )'
+        get_prereq_command: |-
+          mkdir #{file_folder_to_own}
+          echo T1222_takeown1 >> #{file_folder_to_own}\T1222_takeown1.txt
+          echo T1222_takeown2 >> #{file_folder_to_own}\T1222_takeown2.txt
       executor:
         name: command_prompt
-        command: 'takeown.exe /f #{file_folder_to_own}
-
-'
-    - name: Take ownership recursively using takeown utility
-      description: 'Modifies the filesystem permissions of the specified folder to
-        take ownership of it and its contents.
-
-'
-      supported_platforms:
-      - windows
-      input_arguments:
-        folder_to_own:
-          description: Path of the folder for takeown to take ownership.
-          type: path
-          default: PathToAtomicsFolder\T1222
-      executor:
-        name: command_prompt
-        command: 'takeown.exe /f #{folder_to_own} /r
-
-'
-    - name: cacls - Grant permission to specified user or group
-      description: 'Modifies the filesystem permissions of the specified file or folder
-        to allow the specified user or group Full Control.
-
-'
-      supported_platforms:
-      - windows
-      input_arguments:
-        file_or_folder:
-          description: Path of the file or folder to change permissions.
-          type: path
-          default: PathToAtomicsFolder\T1222\T1222.yaml
-        user_or_group:
-          description: User or group to allow full control
-          type: string
-          default: Everyone
-      executor:
-        name: command_prompt
-        command: 'cacls.exe #{file_or_folder} /grant #{user_or_group}:F
+        command: 'takeown.exe /f #{file_folder_to_own} /r
 
 '
     - name: cacls - Grant permission to specified user or group recursively
-      description: 'Modifies the filesystem permissions of the specified folder and
-        contents to allow the specified user or group Full Control.
-
-'
+      description: |
+        Modifies the filesystem permissions of the specified folder and contents to allow the specified user or group Full Control. If "Access is denied"
+        is displayed it may be because the file or folder doesn't exit. Run the prereq command to create it. Upon successfull execution, "Successfully processed 3 files"
+        will be displayed.
       supported_platforms:
       - windows
       input_arguments:
         file_or_folder:
           description: Path of the file or folder to change permissions.
           type: path
-          default: PathToAtomicsFolder\T1222
+          default: "%temp%\\T1222_cacls"
         user_or_group:
           description: User or group to allow full control
           type: string
           default: Everyone
+      dependency_executor_name: command_prompt
+      dependencies:
+      - description: Test requrires a file to modifyto be located at (#{file_or_folder})
+        prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 )'
+        get_prereq_command: |-
+          mkdir #{file_or_folder}
+          echo T1222_cacls1 >> #{file_or_folder}\T1222_cacls1.txt
+          echo T1222_cacls2 >> #{file_or_folder}\T1222_cacls2.txt
       executor:
         name: command_prompt
-        command: 'cacls.exe #{file_or_folder} /grant #{user_or_group}:F /t
-
-'
-    - name: icacls - Grant permission to specified user or group
-      description: 'Modifies the filesystem permissions of the specified file or folder
-        to allow the specified user or group Full Control.
-
-'
-      supported_platforms:
-      - windows
-      input_arguments:
-        file_or_folder:
-          description: Path of the file or folder to change permissions.
-          type: path
-          default: PathToAtomicsFolder\T1222\T1222.yaml
-        user_or_group:
-          description: User or group to allow full control
-          type: string
-          default: Everyone
-      executor:
-        name: command_prompt
-        command: 'icacls.exe #{file_or_folder} /grant #{user_or_group}:F
-
-'
-    - name: icacls - Grant permission to specified user or group recursively
-      description: 'Modifies the filesystem permissions of the specified folder and
-        contents to allow the specified user or group Full Control.
-
-'
-      supported_platforms:
-      - windows
-      input_arguments:
-        file_or_folder:
-          description: Path of the file or folder to change permissions.
-          type: path
-          default: PathToAtomicsFolder\T1222
-        user_or_group:
-          description: User or group to allow full control
-          type: string
-          default: Everyone
-      executor:
-        name: command_prompt
-        command: 'icacls.exe #{file_or_folder} /grant #{user_or_group}:F /t
+        command: 'Icacls.exe #{file_or_folder} /grant #{user_or_group}:F
 
 '
     - name: attrib - Remove read-only attribute
-      description: 'Removes the read-only attribute from a file or folder using the
-        attrib.exe command.
-
-'
+      description: |
+        Removes the read-only attribute from a file or folder using the attrib.exe command. Upon execution, no output will be displayed.
+        Open the file in File Explorer > Right Click - Prperties and observe that the Read Only checkbox is empty.
       supported_platforms:
       - windows
       input_arguments:
         file_or_folder:
           description: Path of the file or folder remove attribute.
           type: path
-          default: PathToAtomicsFolder\T1222
+          default: "%temp%\\T1222_attrib"
+      dependency_executor_name: command_prompt
+      dependencies:
+      - description: Test requrires a file to modify to be located at (#{file_or_folder})
+        prereq_command: 'IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 )'
+        get_prereq_command: |-
+          mkdir #{file_or_folder}
+          echo T1222_attrib1 >> #{file_or_folder}\T1222_attrib1.txt
+          echo T1222_attrib2 >> #{file_or_folder}\T1222_attrib2.txt
+          attrib.exe +r #{file_or_folder}\T1222_attrib1.txt
+          attrib.exe +r #{file_or_folder}\T1222_attrib2.txt
       executor:
         name: command_prompt
-        command: 'attrib.exe -r #{file_or_folder}
+        command: 'attrib.exe -r #{file_or_folder}\*.* /s
 
 '
     - name: chmod - Change file or folder mode (numeric mode)

atomics/T1222/T1222.md

@@ -8,41 +8,34 @@ Adversaries may modify file or directory permissions/attributes to evade intende
 
 - [Atomic Test #1 - Take ownership using takeown utility](#atomic-test-1---take-ownership-using-takeown-utility)
 
-- [Atomic Test #2 - Take ownership recursively using takeown utility](#atomic-test-2---take-ownership-recursively-using-takeown-utility)
+- [Atomic Test #2 - cacls - Grant permission to specified user or group recursively](#atomic-test-2---cacls---grant-permission-to-specified-user-or-group-recursively)
 
-- [Atomic Test #3 - cacls - Grant permission to specified user or group](#atomic-test-3---cacls---grant-permission-to-specified-user-or-group)
+- [Atomic Test #3 - attrib - Remove read-only attribute](#atomic-test-3---attrib---remove-read-only-attribute)
 
-- [Atomic Test #4 - cacls - Grant permission to specified user or group recursively](#atomic-test-4---cacls---grant-permission-to-specified-user-or-group-recursively)
+- [Atomic Test #4 - chmod - Change file or folder mode (numeric mode)](#atomic-test-4---chmod---change-file-or-folder-mode-numeric-mode)
 
-- [Atomic Test #5 - icacls - Grant permission to specified user or group](#atomic-test-5---icacls---grant-permission-to-specified-user-or-group)
+- [Atomic Test #5 - chmod - Change file or folder mode (symbolic mode)](#atomic-test-5---chmod---change-file-or-folder-mode-symbolic-mode)
 
-- [Atomic Test #6 - icacls - Grant permission to specified user or group recursively](#atomic-test-6---icacls---grant-permission-to-specified-user-or-group-recursively)
+- [Atomic Test #6 - chmod - Change file or folder mode (numeric mode) recursively](#atomic-test-6---chmod---change-file-or-folder-mode-numeric-mode-recursively)
 
-- [Atomic Test #7 - attrib - Remove read-only attribute](#atomic-test-7---attrib---remove-read-only-attribute)
+- [Atomic Test #7 - chmod - Change file or folder mode (symbolic mode) recursively](#atomic-test-7---chmod---change-file-or-folder-mode-symbolic-mode-recursively)
 
-- [Atomic Test #8 - chmod - Change file or folder mode (numeric mode)](#atomic-test-8---chmod---change-file-or-folder-mode-numeric-mode)
+- [Atomic Test #8 - chown - Change file or folder ownership and group](#atomic-test-8---chown---change-file-or-folder-ownership-and-group)
 
-- [Atomic Test #9 - chmod - Change file or folder mode (symbolic mode)](#atomic-test-9---chmod---change-file-or-folder-mode-symbolic-mode)
+- [Atomic Test #9 - chown - Change file or folder ownership and group recursively](#atomic-test-9---chown---change-file-or-folder-ownership-and-group-recursively)
 
-- [Atomic Test #10 - chmod - Change file or folder mode (numeric mode) recursively](#atomic-test-10---chmod---change-file-or-folder-mode-numeric-mode-recursively)
+- [Atomic Test #10 - chown - Change file or folder mode ownership only](#atomic-test-10---chown---change-file-or-folder-mode-ownership-only)
 
-- [Atomic Test #11 - chmod - Change file or folder mode (symbolic mode) recursively](#atomic-test-11---chmod---change-file-or-folder-mode-symbolic-mode-recursively)
+- [Atomic Test #11 - chown - Change file or folder ownership recursively](#atomic-test-11---chown---change-file-or-folder-ownership-recursively)
 
-- [Atomic Test #12 - chown - Change file or folder ownership and group](#atomic-test-12---chown---change-file-or-folder-ownership-and-group)
-
-- [Atomic Test #13 - chown - Change file or folder ownership and group recursively](#atomic-test-13---chown---change-file-or-folder-ownership-and-group-recursively)
-
-- [Atomic Test #14 - chown - Change file or folder mode ownership only](#atomic-test-14---chown---change-file-or-folder-mode-ownership-only)
-
-- [Atomic Test #15 - chown - Change file or folder ownership recursively](#atomic-test-15---chown---change-file-or-folder-ownership-recursively)
-
-- [Atomic Test #16 - chattr - Remove immutable file attribute](#atomic-test-16---chattr---remove-immutable-file-attribute)
+- [Atomic Test #12 - chattr - Remove immutable file attribute](#atomic-test-12---chattr---remove-immutable-file-attribute)
 
 
 <br/>
 
 ## Atomic Test #1 - Take ownership using takeown utility
-Modifies the filesystem permissions of the specified file or folder to take ownership of the object.
+Modifies the filesystem permissions of the specified file or folder to take ownership of the object. Upon execution, "SUCCESS" will
+be displayed for the folder and each file inside of it.
 
 **Supported Platforms:** Windows
 
@@ -52,55 +45,42 @@ Modifies the filesystem permissions of the specified file or folder to take owne
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| file_folder_to_own | Path of the file or folder for takeown to take ownership. | path | PathToAtomicsFolder&#92;T1222&#92;T1222.yaml|
+| file_folder_to_own | Path of the file or folder for takeown to take ownership. | path | %temp%&#92;T1222_takeown_folder|
 
 
 #### Attack Commands: Run with `command_prompt`! 
 
 
 ```cmd
-takeown.exe /f #{file_folder_to_own}
+takeown.exe /f #{file_folder_to_own} /r
 ```
 
 
 
 
-
-
-<br/>
-<br/>
-
-## Atomic Test #2 - Take ownership recursively using takeown utility
-Modifies the filesystem permissions of the specified folder to take ownership of it and its contents.
-
-**Supported Platforms:** Windows
-
-
-
-
-#### Inputs:
-| Name | Description | Type | Default Value | 
-|------|-------------|------|---------------|
-| folder_to_own | Path of the folder for takeown to take ownership. | path | PathToAtomicsFolder&#92;T1222|
-
-
-#### Attack Commands: Run with `command_prompt`! 
-
-
+#### Dependencies:  Run with `command_prompt`!
+##### Description: Test requrires a file to take ownership of to be located at (#{file_folder_to_own})
+##### Check Prereq Commands:
 ```cmd
-takeown.exe /f #{folder_to_own} /r
+IF EXIST #{file_folder_to_own} ( EXIT 0 ) ELSE ( EXIT 1 ) 
+```
+##### Get Prereq Commands:
+```cmd
+mkdir #{file_folder_to_own}
+echo T1222_takeown1 >> #{file_folder_to_own}\T1222_takeown1.txt
+echo T1222_takeown2 >> #{file_folder_to_own}\T1222_takeown2.txt
 ```
 
 
 
 
-
-
 <br/>
 <br/>
 
-## Atomic Test #3 - cacls - Grant permission to specified user or group
-Modifies the filesystem permissions of the specified file or folder to allow the specified user or group Full Control.
+## Atomic Test #2 - cacls - Grant permission to specified user or group recursively
+Modifies the filesystem permissions of the specified folder and contents to allow the specified user or group Full Control. If "Access is denied"
+is displayed it may be because the file or folder doesn't exit. Run the prereq command to create it. Upon successfull execution, "Successfully processed 3 files"
+will be displayed.
 
 **Supported Platforms:** Windows
 
@@ -110,7 +90,7 @@ Modifies the filesystem permissions of the specified file or folder to allow the
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| file_or_folder | Path of the file or folder to change permissions. | path | PathToAtomicsFolder&#92;T1222&#92;T1222.yaml|
+| file_or_folder | Path of the file or folder to change permissions. | path | %temp%&#92;T1222_cacls|
 | user_or_group | User or group to allow full control | string | Everyone|
 
 
@@ -118,19 +98,34 @@ Modifies the filesystem permissions of the specified file or folder to allow the
 
 
 ```cmd
-cacls.exe #{file_or_folder} /grant #{user_or_group}:F
+Icacls.exe #{file_or_folder} /grant #{user_or_group}:F
 ```
 
 
 
 
+#### Dependencies:  Run with `command_prompt`!
+##### Description: Test requrires a file to modifyto be located at (#{file_or_folder})
+##### Check Prereq Commands:
+```cmd
+IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) 
+```
+##### Get Prereq Commands:
+```cmd
+mkdir #{file_or_folder}
+echo T1222_cacls1 >> #{file_or_folder}\T1222_cacls1.txt
+echo T1222_cacls2 >> #{file_or_folder}\T1222_cacls2.txt
+```
+
+
 
 
 <br/>
 <br/>
 
-## Atomic Test #4 - cacls - Grant permission to specified user or group recursively
-Modifies the filesystem permissions of the specified folder and contents to allow the specified user or group Full Control.
+## Atomic Test #3 - attrib - Remove read-only attribute
+Removes the read-only attribute from a file or folder using the attrib.exe command. Upon execution, no output will be displayed.
+Open the file in File Explorer > Right Click - Prperties and observe that the Read Only checkbox is empty.
 
 **Supported Platforms:** Windows
 
@@ -140,115 +135,41 @@ Modifies the filesystem permissions of the specified folder and contents to allo
 #### Inputs:
 | Name | Description | Type | Default Value | 
 |------|-------------|------|---------------|
-| file_or_folder | Path of the file or folder to change permissions. | path | PathToAtomicsFolder&#92;T1222|
-| user_or_group | User or group to allow full control | string | Everyone|
+| file_or_folder | Path of the file or folder remove attribute. | path | %temp%&#92;T1222_attrib|
 
 
 #### Attack Commands: Run with `command_prompt`! 
 
 
 ```cmd
-cacls.exe #{file_or_folder} /grant #{user_or_group}:F /t
+attrib.exe -r #{file_or_folder}\*.* /s
 ```
 
 
 
 
-
-
-<br/>
-<br/>
-
-## Atomic Test #5 - icacls - Grant permission to specified user or group
-Modifies the filesystem permissions of the specified file or folder to allow the specified user or group Full Control.
-
-**Supported Platforms:** Windows
-
-
-
-
-#### Inputs:
-| Name | Description | Type | Default Value | 
-|------|-------------|------|---------------|
-| file_or_folder | Path of the file or folder to change permissions. | path | PathToAtomicsFolder&#92;T1222&#92;T1222.yaml|
-| user_or_group | User or group to allow full control | string | Everyone|
-
-
-#### Attack Commands: Run with `command_prompt`! 
-
-
+#### Dependencies:  Run with `command_prompt`!
+##### Description: Test requrires a file to modify to be located at (#{file_or_folder})
+##### Check Prereq Commands:
 ```cmd
-icacls.exe #{file_or_folder} /grant #{user_or_group}:F
+IF EXIST #{file_or_folder} ( EXIT 0 ) ELSE ( EXIT 1 ) 
 ```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #6 - icacls - Grant permission to specified user or group recursively
-Modifies the filesystem permissions of the specified folder and contents to allow the specified user or group Full Control.
-
-**Supported Platforms:** Windows
-
-
-
-
-#### Inputs:
-| Name | Description | Type | Default Value | 
-|------|-------------|------|---------------|
-| file_or_folder | Path of the file or folder to change permissions. | path | PathToAtomicsFolder&#92;T1222|
-| user_or_group | User or group to allow full control | string | Everyone|
-
-
-#### Attack Commands: Run with `command_prompt`! 
-
-
+##### Get Prereq Commands:
 ```cmd
-icacls.exe #{file_or_folder} /grant #{user_or_group}:F /t
+mkdir #{file_or_folder}
+echo T1222_attrib1 >> #{file_or_folder}\T1222_attrib1.txt
+echo T1222_attrib2 >> #{file_or_folder}\T1222_attrib2.txt
+attrib.exe +r #{file_or_folder}\T1222_attrib1.txt
+attrib.exe +r #{file_or_folder}\T1222_attrib2.txt
 ```
 
 
 
 
-
-
 <br/>
 <br/>
 
-## Atomic Test #7 - attrib - Remove read-only attribute
-Removes the read-only attribute from a file or folder using the attrib.exe command.
-
-**Supported Platforms:** Windows
-
-
-
-
-#### Inputs:
-| Name | Description | Type | Default Value | 
-|------|-------------|------|---------------|
-| file_or_folder | Path of the file or folder remove attribute. | path | PathToAtomicsFolder&#92;T1222|
-
-
-#### Attack Commands: Run with `command_prompt`! 
-
-
-```cmd
-attrib.exe -r #{file_or_folder}
-```
-
-
-
-
-
-
-<br/>
-<br/>
-
-## Atomic Test #8 - chmod - Change file or folder mode (numeric mode)
+## Atomic Test #4 - chmod - Change file or folder mode (numeric mode)
 Changes a file or folder's permissions using chmod and a specified numeric mode.
 
 **Supported Platforms:** macOS, Linux
@@ -278,7 +199,7 @@ chmod #{numeric_mode} #{file_or_folder}
 <br/>
 <br/>
 
-## Atomic Test #9 - chmod - Change file or folder mode (symbolic mode)
+## Atomic Test #5 - chmod - Change file or folder mode (symbolic mode)
 Changes a file or folder's permissions using chmod and a specified symbolic mode.
 
 **Supported Platforms:** macOS, Linux
@@ -308,7 +229,7 @@ chmod #{symbolic_mode} #{file_or_folder}
 <br/>
 <br/>
 
-## Atomic Test #10 - chmod - Change file or folder mode (numeric mode) recursively
+## Atomic Test #6 - chmod - Change file or folder mode (numeric mode) recursively
 Changes a file or folder's permissions recursively using chmod and a specified numeric mode.
 
 **Supported Platforms:** macOS, Linux
@@ -338,7 +259,7 @@ chmod #{numeric_mode} #{file_or_folder} -R
 <br/>
 <br/>
 
-## Atomic Test #11 - chmod - Change file or folder mode (symbolic mode) recursively
+## Atomic Test #7 - chmod - Change file or folder mode (symbolic mode) recursively
 Changes a file or folder's permissions recursively using chmod and a specified symbolic mode.
 
 **Supported Platforms:** macOS, Linux
@@ -368,7 +289,7 @@ chmod #{symbolic_mode} #{file_or_folder} -R
 <br/>
 <br/>
 
-## Atomic Test #12 - chown - Change file or folder ownership and group
+## Atomic Test #8 - chown - Change file or folder ownership and group
 Changes a file or folder's ownership and group information using chown.
 
 **Supported Platforms:** macOS, Linux
@@ -399,7 +320,7 @@ chown #{owner}:#{group} #{file_or_folder}
 <br/>
 <br/>
 
-## Atomic Test #13 - chown - Change file or folder ownership and group recursively
+## Atomic Test #9 - chown - Change file or folder ownership and group recursively
 Changes a file or folder's ownership and group information recursively using chown.
 
 **Supported Platforms:** macOS, Linux
@@ -430,7 +351,7 @@ chown #{owner}:#{group} #{file_or_folder} -R
 <br/>
 <br/>
 
-## Atomic Test #14 - chown - Change file or folder mode ownership only
+## Atomic Test #10 - chown - Change file or folder mode ownership only
 Changes a file or folder's ownership only using chown.
 
 **Supported Platforms:** macOS, Linux
@@ -460,7 +381,7 @@ chown #{owner} #{file_or_folder}
 <br/>
 <br/>
 
-## Atomic Test #15 - chown - Change file or folder ownership recursively
+## Atomic Test #11 - chown - Change file or folder ownership recursively
 Changes a file or folder's ownership only recursively using chown.
 
 **Supported Platforms:** macOS, Linux
@@ -490,7 +411,7 @@ chown #{owner} #{file_or_folder} -R
 <br/>
 <br/>
 
-## Atomic Test #16 - chattr - Remove immutable file attribute
+## Atomic Test #12 - chattr - Remove immutable file attribute
 Remove's a file's `immutable` attribute using `chattr`.
 This technique was used by the threat actor Rocke during the compromise of Linux web servers.