From 529631d8b00be5c5aed0fe64fb879e95d8768a9a Mon Sep 17 00:00:00 2001
From: san-gwea <57334373+san-gwea@users.noreply.github.com>
Date: Mon, 29 Jun 2020 17:19:47 -0500
Subject: [PATCH] added test for opening ports on firewall for proxy - T1562.004 (#1094)

* added test for opening ports on firewall for proxy

* remove extra blank lines and fix typo

Co-authored-by: san-gwea
Co-authored-by: Carrie Roberts
---
 atomics/T1562.004/T1562.004.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/atomics/T1562.004/T1562.004.yaml b/atomics/T1562.004/T1562.004.yaml
index 3d814f41..581b73da 100644
--- a/atomics/T1562.004/T1562.004.yaml
+++ b/atomics/T1562.004/T1562.004.yaml
@@ -47,3 +47,16 @@ atomic_tests:
 cleanup_command: |
 netsh advfirewall reset
 name: command_prompt
+- name: Opening ports for proxy - HARDRAIN
+ description: |
+ This test creates a listening interface on a victim device. This tactic was used by HARDRAIN for proxying.
+
+ refernce: https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ netsh advfirewall firewall add rule name="atomic testing" action=allow dir=in protocol=TCP localport=450
+ cleanup_command: netsh advfirewall firewall delete rule name="atomic testing" protocol=TCP localport=450
+ name: command_prompt
+ elevation_required: true
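Review bot: The description says the test "creates a listening interface", but the only command under `executor.command` is `netsh advfirewall firewall add rule ... action=allow dir=in`, so nothing listens on TCP 450 and the telemetry a detection engineer should expect is a firewall rule change, not a new socket. I would reword the first sentence to `This test adds an inbound Windows Firewall allow rule for a TCP port.` and correct `refernce:` to `reference:` on the line after the blank one. The rule is added without `profile=` or `remoteip=`, so it appears to apply to every firewall profile until the cleanup runs; exposing the port and rule name through `input_arguments` would let operators narrow it on shared lab hosts. `cleanup_command` is written as a plain scalar here while the preceding test uses `cleanup_command: |`, and matching the block form would keep the file consistent.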