security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added test for opening ports on firewall for proxy - T1562.004 (#1094)

Browse Source 
* added test for opening ports on firewall for proxy

* remove extra blank lines and fix typo

Co-authored-by: san-gwea <sheartlet01@gmail.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
san-gwea
2020-06-29 17:19:47 -05:00
committed by GitHub
parent a9be66581c
commit 529631d8b0
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1562.004/T1562.004.yaml
+13
View File
@@ -47,3 +47,16 @@ atomic_tests:
cleanup_command: |
netsh advfirewall reset
name: command_prompt
- name: Opening ports for proxy - HARDRAIN
description: |
This test creates a listening interface on a victim device. This tactic was used by HARDRAIN for proxying.
refernce: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
supported_platforms:
- windows
executor:
command: |
netsh advfirewall firewall add rule name="atomic testing" action=allow dir=in protocol=TCP localport=450
cleanup_command: netsh advfirewall firewall delete rule name="atomic testing" protocol=TCP localport=450
name: command_prompt
elevation_required: true