Generate docs from job=validate_atomics_generate_docs branch=master

This commit is contained in:
CircleCI Atomic Red Team doc generator
2019-11-19 22:24:59 +00:00
parent c5b2c92ad3
commit 586684d308
6 changed files with 132 additions and 286 deletions
+46 -100
@@ -23,25 +23,19 @@ Many applications create these hidden files and folders to store information so
- [Atomic Test #2 - Mac Hidden file](#atomic-test-2---mac-hidden-file)
- [Atomic Test #3 - Hidden file](#atomic-test-3---hidden-file)
- [Atomic Test #3 - Create Windows System File with Attrib](#atomic-test-3---create-windows-system-file-with-attrib)
- [Atomic Test #4 - Create Windows System File with Attrib](#atomic-test-4---create-windows-system-file-with-attrib)
- [Atomic Test #4 - Create Windows Hidden File with Attrib](#atomic-test-4---create-windows-hidden-file-with-attrib)
- [Atomic Test #5 - Create Windows Hidden File with Attrib](#atomic-test-5---create-windows-hidden-file-with-attrib)
- [Atomic Test #5 - Hidden files](#atomic-test-5---hidden-files)
- [Atomic Test #6 - Hidden files](#atomic-test-6---hidden-files)
- [Atomic Test #6 - Hide a Directory](#atomic-test-6---hide-a-directory)
- [Atomic Test #7 - Hide a Directory](#atomic-test-7---hide-a-directory)
- [Atomic Test #7 - Show all hidden files](#atomic-test-7---show-all-hidden-files)
- [Atomic Test #8 - Show all hidden files](#atomic-test-8---show-all-hidden-files)
- [Atomic Test #8 - Create ADS command prompt](#atomic-test-8---create-ads-command-prompt)
- [Atomic Test #9 - Create Visible Directories](#atomic-test-9---create-visible-directories)
- [Atomic Test #10 - Create hidden directories and files](#atomic-test-10---create-hidden-directories-and-files)
- [Atomic Test #11 - Create ADS command prompt](#atomic-test-11---create-ads-command-prompt)
- [Atomic Test #12 - Create ADS PowerShell](#atomic-test-12---create-ads-powershell)
- [Atomic Test #9 - Create ADS PowerShell](#atomic-test-9---create-ads-powershell)
<br/>
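Review bot: removing `Atomic Test #3 - Hidden file`, `#9 - Create Visible Directories` and `#10 - Create hidden directories and files` from the middle of the list renumbers every test after them, so the anchors in this table of contents (for example `#atomic-test-4---create-windows-system-file-with-attrib`) now resolve to a different test than they did before this commit, and any external link or runbook that selects T1158 tests by number will silently pick the wrong one. Consider keeping test numbers stable when tests are deleted, or at least calling out the renumbering in the commit message.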
@@ -54,11 +48,15 @@ Creates a hidden file inside a hidden directory
#### Run it with `sh`!
```
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
mkdir /var/tmp/.hidden-directory
echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
```
#### Cleanup Commands:
```
rm -rf /var/tmp/.hidden-directory/
```
<br/>
<br/>
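Review bot: `mkdir /var/tmp/.hidden-directory` in the new command has no `-p`, so a second run of Test #1 without the cleanup having been executed fails at the `mkdir` before the `echo` is reached; suggest `mkdir -p /var/tmp/.hidden-directory`. The added cleanup `rm -rf /var/tmp/.hidden-directory/` is otherwise a good fix for the old version, which left `.hidden-directory` behind in whatever the current working directory happened to be.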
@@ -71,7 +69,7 @@ Hide a file on MacOS
#### Run it with `sh`!
```
sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00"
xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF FF FF FF 00 00"
```
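Review bot: dropping `sudo` is consistent with the test no longer requiring elevation, but the redirection `2>&1 /dev/null` that survives on the new line is wrong on both versions: it merges stderr into stdout and then passes `/dev/null` to `xattr` as one more path to scan, so the permission errors from walking `/` as an unprivileged user flow into the pipe to `grep` instead of being discarded. It should read `xattr -lr * / 2>/dev/null | grep -C 2 "..."`. Also worth noting that this command only lists files whose attributes already match the pattern; it does not hide anything, so the description `Hide a file on MacOS` overstates what the test does.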
@@ -79,71 +77,49 @@ sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00 40 00 FF
<br/>
<br/>
## Atomic Test #3 - Hidden file
mv file to a .file
**Supported Platforms:** macOS, Linux
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| filename | path of file to hide | path | /tmp/evil|
| output_filename | output path of file | path | /tmp/evil|
#### Run it with `sh`!
```
mv #(unknown) .#{output_filename}
```
<br/>
<br/>
## Atomic Test #4 - Create Windows System File with Attrib
## Atomic Test #3 - Create Windows System File with Attrib
Creates a file and marks it as a system file using the attrib.exe utility.
**Supported Platforms:** Windows
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| filename | path of file to mark as system | path | C:\Temp\sensitive_file.txt|
#### Run it with `command_prompt`!
#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
```
attrib.exe +s #(unknown)
echo T1158 > %TEMP%\T1158.txt
attrib.exe +s %TEMP%\T1158.txt
```
#### Cleanup Commands:
```
del /A:S %TEMP%\T1158.txt
```
<br/>
<br/>
## Atomic Test #5 - Create Windows Hidden File with Attrib
## Atomic Test #4 - Create Windows Hidden File with Attrib
Creates a file and marks it as hidden using the attrib.exe utility.
**Supported Platforms:** Windows
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| filename | path of file to mark as hidden | path | C:\Temp\sensitive_file.txt|
#### Run it with `command_prompt`!
```
attrib.exe +h #(unknown)
echo T1158_hidden > %TEMP%\T1158_hidden.txt
attrib.exe +h %TEMP%\T1158_hidden.txt
```
#### Cleanup Commands:
```
del /A:H %TEMP%\T1158_hidden.txt
```
<br/>
<br/>
## Atomic Test #6 - Hidden files
## Atomic Test #5 - Hidden files
Requires Apple Dev Tools
**Supported Platforms:** macOS
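Review bot: the system-file test now carries `Elevation Required (e.g. root or admin)` while the otherwise identical hidden-file test does not; `attrib.exe +s` on a file the user has just created in `%TEMP%` needs only write access to that file's attributes, not admin rights, so unless the flag is intentional it makes this test needlessly harder to run and should be checked against the source atomic. The new cleanups `del /A:S %TEMP%\T1158.txt` and `del /A:H %TEMP%\T1158_hidden.txt` are correct, since a plain `del` skips system and hidden files; that pattern is worth keeping for the other attrib-based tests in the repository.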
@@ -164,28 +140,28 @@ setfile -a V #(unknown)
<br/>
<br/>
## Atomic Test #7 - Hide a Directory
## Atomic Test #6 - Hide a Directory
Hide a directory on MacOS
**Supported Platforms:** macOS
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| filename | path of file to hide | path | /tmp/evil|
#### Run it with `sh`!
```
chflags hidden #(unknown)
touch /var/tmp/T1158_mac.txt
chflags hidden /var/tmp/T1158_mac.txt
```
#### Cleanup Commands:
```
rm /var/tmp/T1158_mac.txt
```
<br/>
<br/>
## Atomic Test #8 - Show all hidden files
## Atomic Test #7 - Show all hidden files
Show all hidden files on MacOS
**Supported Platforms:** macOS
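Review bot: Test #6 is still titled `Hide a Directory` and described as `Hide a directory on MacOS`, but the new command runs `touch /var/tmp/T1158_mac.txt` and then `chflags hidden` on that file, so it now hides a regular file rather than a directory. Either switch to `mkdir /var/tmp/T1158_mac` with a matching `rm -r` cleanup, or retitle the test; as written, the name no longer describes the behaviour a detection engineer would be validating against.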
@@ -197,49 +173,15 @@ defaults write com.apple.finder AppleShowAllFiles YES
```
<br/>
<br/>
## Atomic Test #9 - Create Visible Directories
Create visible directories on MacOS and Linux
**Supported Platforms:** macOS, Linux
#### Run it with `sh`!
#### Cleanup Commands:
```
mkdir visible-directory
echo "this file is visible" > visible-directory/visible-file
ls
ls visible-directory
defaults write com.apple.finder AppleShowAllFiles NO
```
<br/>
<br/>
## Atomic Test #10 - Create hidden directories and files
Create hidden directories and files on Nix platforms
**Supported Platforms:** macOS, Linux
#### Run it with `sh`!
```
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
ls -la
ls -la .hidden-directory
```
<br/>
<br/>
## Atomic Test #11 - Create ADS command prompt
## Atomic Test #8 - Create ADS command prompt
Create an Alternate Data Stream with the command prompt. Write access is required.
**Supported Platforms:** Windows
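Review bot: the added cleanup `defaults write com.apple.finder AppleShowAllFiles NO` correctly reverses the test's `defaults write com.apple.finder AppleShowAllFiles YES`, but neither side relaunches Finder, so the preference is written to disk without taking effect until Finder restarts; if the intent is for hidden files to actually become visible during the test, both commands need a following `killall Finder`. The deletion of `Create Visible Directories` and `Create hidden directories and files` also removes the last two tests that created files in the current working directory; their `ls -la` verification steps are gone rather than migrated into Test #1.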
@@ -267,7 +209,7 @@ del #{file_name}
<br/>
<br/>
## Atomic Test #12 - Create ADS PowerShell
## Atomic Test #9 - Create ADS PowerShell
Create an Alternate Data Stream with PowerShell. Write access is required.
**Supported Platforms:** Windows
@@ -288,5 +230,9 @@ ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-
```
#### Cleanup Commands:
```
Remove-Item -Path #{file_name}
```
<br/>
+14 -20
@@ -51,16 +51,13 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #4: Create Windows System File with Attrib [windows]
- Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- Atomic Test #6: Hidden files [macos]
- Atomic Test #7: Hide a Directory [macos]
- Atomic Test #8: Show all hidden files [macos]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- Atomic Test #11: Create ADS command prompt [windows]
- Atomic Test #12: Create ADS PowerShell [windows]
- Atomic Test #3: Create Windows System File with Attrib [windows]
- Atomic Test #4: Create Windows Hidden File with Attrib [windows]
- Atomic Test #5: Hidden files [macos]
- Atomic Test #6: Hide a Directory [macos]
- Atomic Test #7: Show all hidden files [macos]
- Atomic Test #8: Create ADS command prompt [windows]
- Atomic Test #9: Create ADS PowerShell [windows]
- [T1179 Hooking](./T1179/T1179.md)
- Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages [windows]
- [T1062 Hypervisor](./T1062/T1062.md)
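Review bot: this index and the platform indexes below only renumber existing entries, but because the numbers are positional, tooling that selects T1158 tests by number will now run a different test than before this commit (old #4 is the new #3, old #11 is the new #8, and so on). Nothing to change in the generated output itself, but the renumbering deserves a mention in the commit message or changelog.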
@@ -260,16 +257,13 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #4: Create Windows System File with Attrib [windows]
- Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- Atomic Test #6: Hidden files [macos]
- Atomic Test #7: Hide a Directory [macos]
- Atomic Test #8: Show all hidden files [macos]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- Atomic Test #11: Create ADS command prompt [windows]
- Atomic Test #12: Create ADS PowerShell [windows]
- Atomic Test #3: Create Windows System File with Attrib [windows]
- Atomic Test #4: Create Windows Hidden File with Attrib [windows]
- Atomic Test #5: Hidden files [macos]
- Atomic Test #6: Hide a Directory [macos]
- Atomic Test #7: Show all hidden files [macos]
- Atomic Test #8: Create ADS command prompt [windows]
- Atomic Test #9: Create ADS PowerShell [windows]
- [T1147 Hidden Users](./T1147/T1147.md)
- Atomic Test #1: Hidden Users [macos]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+58 -140
@@ -1661,9 +1661,13 @@ persistence:
- macos
executor:
name: sh
elevation_required: false
command: |
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
mkdir /var/tmp/.hidden-directory
echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
cleanup_command: 'rm -rf /var/tmp/.hidden-directory/
'
- name: Mac Hidden file
description: 'Hide a file on MacOS
@@ -1672,29 +1676,9 @@ persistence:
- macos
executor:
name: sh
command: 'sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00
00 00 40 00 FF FF FF FF 00 00"
'
- name: Hidden file
description: 'mv file to a .file
'
supported_platforms:
- macos
- linux
input_arguments:
filename:
description: path of file to hide
type: path
default: "/tmp/evil"
output_filename:
description: output path of file
type: path
default: "/tmp/evil"
executor:
name: sh
command: 'mv #(unknown) .#{output_filename}
elevation_required: false
command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00
40 00 FF FF FF FF 00 00"
'
- name: Create Windows System File with Attrib
@@ -1704,15 +1688,13 @@ persistence:
'
supported_platforms:
- windows
input_arguments:
filename:
description: path of file to mark as system
type: path
default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
command: 'attrib.exe +s #(unknown)
elevation_required: true
command: |
echo T1158 > %TEMP%\T1158.txt
attrib.exe +s %TEMP%\T1158.txt
cleanup_command: 'del /A:S %TEMP%\T1158.txt
'
- name: Create Windows Hidden File with Attrib
@@ -1721,15 +1703,13 @@ persistence:
'
supported_platforms:
- windows
input_arguments:
filename:
description: path of file to mark as hidden
type: path
default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
command: 'attrib.exe +h #(unknown)
command: |
echo T1158_hidden > %TEMP%\T1158_hidden.txt
attrib.exe +h %TEMP%\T1158_hidden.txt
cleanup_command: 'del /A:H %TEMP%\T1158_hidden.txt
'
- name: Hidden files
@@ -1745,6 +1725,7 @@ persistence:
default: "/tmp/evil"
executor:
name: sh
elevation_required: false
command: 'setfile -a V #(unknown)
'
@@ -1754,14 +1735,13 @@ persistence:
'
supported_platforms:
- macos
input_arguments:
filename:
description: path of file to hide
type: path
default: "/tmp/evil"
executor:
name: sh
command: 'chflags hidden #(unknown)
elevation_required: false
command: |
touch /var/tmp/T1158_mac.txt
chflags hidden /var/tmp/T1158_mac.txt
cleanup_command: 'rm /var/tmp/T1158_mac.txt
'
- name: Show all hidden files
@@ -1772,37 +1752,13 @@ persistence:
- macos
executor:
name: sh
elevation_required: false
command: 'defaults write com.apple.finder AppleShowAllFiles YES
'
- name: Create Visible Directories
description: 'Create visible directories on MacOS and Linux
cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO
'
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
mkdir visible-directory
echo "this file is visible" > visible-directory/visible-file
ls
ls visible-directory
- name: Create hidden directories and files
description: 'Create hidden directories and files on Nix platforms
'
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
ls -la
ls -la .hidden-directory
- name: Create ADS command prompt
description: 'Create an Alternate Data Stream with the command prompt. Write
access is required.
@@ -1853,6 +1809,9 @@ persistence:
set-content -path #{file_name} -stream #{ads_filename} -value "test2"
set-content -path . -stream #{ads_filename} -value "test3"
ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-Object pschildname
cleanup_command: 'Remove-Item -Path #{file_name}
'
T1179:
technique:
x_mitre_data_sources:
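Review bot: the new `cleanup_command: 'Remove-Item -Path #{file_name}'` only removes the file written by `set-content -path #{file_name} -stream #{ads_filename}`; the preceding line `set-content -path . -stream #{ads_filename} -value "test3"` attaches a stream to the current directory, and that stream survives the cleanup. Add `Remove-Item -Path . -Stream #{ads_filename}` so the test does not leave an alternate data stream on the directory it was run from.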
@@ -7941,9 +7900,13 @@ defense-evasion:
- macos
executor:
name: sh
elevation_required: false
command: |
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
mkdir /var/tmp/.hidden-directory
echo "T1158" > /var/tmp/.hidden-directory/.hidden-file
cleanup_command: 'rm -rf /var/tmp/.hidden-directory/
'
- name: Mac Hidden file
description: 'Hide a file on MacOS
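Review bot: the `defense-evasion:` hunks from here on repeat the `persistence:` hunks above line for line, because T1158 is indexed under both tactics; the comments on the persistence block (the missing `mkdir -p`, the `2>&1 /dev/null` redirection, the file-versus-directory mismatch in `Hide a Directory`, and the directory stream left behind by the ADS cleanup) apply equally here, and since both copies are generated output, the fixes belong in the source atomic rather than in this index.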
@@ -7952,29 +7915,9 @@ defense-evasion:
- macos
executor:
name: sh
command: 'sudo xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00
00 00 40 00 FF FF FF FF 00 00"
'
- name: Hidden file
description: 'mv file to a .file
'
supported_platforms:
- macos
- linux
input_arguments:
filename:
description: path of file to hide
type: path
default: "/tmp/evil"
output_filename:
description: output path of file
type: path
default: "/tmp/evil"
executor:
name: sh
command: 'mv #(unknown) .#{output_filename}
elevation_required: false
command: 'xattr -lr * / 2>&1 /dev/null | grep -C 2 "00 00 00 00 00 00 00 00
40 00 FF FF FF FF 00 00"
'
- name: Create Windows System File with Attrib
@@ -7984,15 +7927,13 @@ defense-evasion:
'
supported_platforms:
- windows
input_arguments:
filename:
description: path of file to mark as system
type: path
default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
command: 'attrib.exe +s #(unknown)
elevation_required: true
command: |
echo T1158 > %TEMP%\T1158.txt
attrib.exe +s %TEMP%\T1158.txt
cleanup_command: 'del /A:S %TEMP%\T1158.txt
'
- name: Create Windows Hidden File with Attrib
@@ -8001,15 +7942,13 @@ defense-evasion:
'
supported_platforms:
- windows
input_arguments:
filename:
description: path of file to mark as hidden
type: path
default: C:\Temp\sensitive_file.txt
executor:
name: command_prompt
elevation_required: false
command: 'attrib.exe +h #(unknown)
command: |
echo T1158_hidden > %TEMP%\T1158_hidden.txt
attrib.exe +h %TEMP%\T1158_hidden.txt
cleanup_command: 'del /A:H %TEMP%\T1158_hidden.txt
'
- name: Hidden files
@@ -8025,6 +7964,7 @@ defense-evasion:
default: "/tmp/evil"
executor:
name: sh
elevation_required: false
command: 'setfile -a V #(unknown)
'
@@ -8034,14 +7974,13 @@ defense-evasion:
'
supported_platforms:
- macos
input_arguments:
filename:
description: path of file to hide
type: path
default: "/tmp/evil"
executor:
name: sh
command: 'chflags hidden #(unknown)
elevation_required: false
command: |
touch /var/tmp/T1158_mac.txt
chflags hidden /var/tmp/T1158_mac.txt
cleanup_command: 'rm /var/tmp/T1158_mac.txt
'
- name: Show all hidden files
@@ -8052,37 +7991,13 @@ defense-evasion:
- macos
executor:
name: sh
elevation_required: false
command: 'defaults write com.apple.finder AppleShowAllFiles YES
'
- name: Create Visible Directories
description: 'Create visible directories on MacOS and Linux
cleanup_command: 'defaults write com.apple.finder AppleShowAllFiles NO
'
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
mkdir visible-directory
echo "this file is visible" > visible-directory/visible-file
ls
ls visible-directory
- name: Create hidden directories and files
description: 'Create hidden directories and files on Nix platforms
'
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
mkdir .hidden-directory
echo "this file is hidden" > .hidden-directory/.hidden-file
ls -la
ls -la .hidden-directory
- name: Create ADS command prompt
description: 'Create an Alternate Data Stream with the command prompt. Write
access is required.
@@ -8133,6 +8048,9 @@ defense-evasion:
set-content -path #{file_name} -stream #{ads_filename} -value "test2"
set-content -path . -stream #{ads_filename} -value "test3"
ls -Recurse | %{ gi $_.Fullname -stream *} | where stream -ne ':$Data' | Select-Object pschildname
cleanup_command: 'Remove-Item -Path #{file_name}
'
T1147:
technique:
x_mitre_data_sources:
-6
@@ -14,9 +14,6 @@
- Atomic Test #5: Create a new user in Linux with `root` UID and GID. [linux]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- T1525 Implant Container Image [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1215 Kernel Modules and Extensions](./T1215/T1215.md)
- Atomic Test #1: Linux - Load Kernel Module via insmod [centos, ubuntu, linux]
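Review bot: after this hunk the Linux index lists a single T1158 test (`#1: Create a hidden file in a hidden directory`); the three removed entries, `Hidden file`, `Create Visible Directories` and `Create hidden directories and files`, were the rest of the Linux coverage for the technique. If the deletions were intended as de-duplication, worth confirming that the `mv`-to-dotfile case is considered covered by Test #1, since it exercised renaming an existing file rather than creating a new one.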
@@ -175,9 +172,6 @@
- Atomic Test #2: Mac HISTCONTROL [macos, linux]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- T1066 Indicator Removal from Tools [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1070 Indicator Removal on Host](./T1070/T1070.md)
- Atomic Test #3: rm -rf [macos, linux]
+6 -12
@@ -14,12 +14,9 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #6: Hidden files [macos]
- Atomic Test #7: Hide a Directory [macos]
- Atomic Test #8: Show all hidden files [macos]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- Atomic Test #5: Hidden files [macos]
- Atomic Test #6: Hide a Directory [macos]
- Atomic Test #7: Show all hidden files [macos]
- [T1215 Kernel Modules and Extensions](./T1215/T1215.md)
- T1161 LC_LOAD_DYLIB Addition [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1159 Launch Agent](./T1159/T1159.md)
@@ -269,12 +266,9 @@
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #1: Create a hidden file in a hidden directory [linux, macos]
- Atomic Test #2: Mac Hidden file [macos]
- Atomic Test #3: Hidden file [macos, linux]
- Atomic Test #6: Hidden files [macos]
- Atomic Test #7: Hide a Directory [macos]
- Atomic Test #8: Show all hidden files [macos]
- Atomic Test #9: Create Visible Directories [macos, linux]
- Atomic Test #10: Create hidden directories and files [macos, linux]
- Atomic Test #5: Hidden files [macos]
- Atomic Test #6: Hide a Directory [macos]
- Atomic Test #7: Show all hidden files [macos]
- [T1147 Hidden Users](./T1147/T1147.md)
- Atomic Test #1: Hidden Users [macos]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+8 -8
@@ -67,10 +67,10 @@
- Atomic Test #7: attrib - Remove read-only attribute [windows]
- T1484 Group Policy Modification [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #4: Create Windows System File with Attrib [windows]
- Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- Atomic Test #11: Create ADS command prompt [windows]
- Atomic Test #12: Create ADS PowerShell [windows]
- Atomic Test #3: Create Windows System File with Attrib [windows]
- Atomic Test #4: Create Windows Hidden File with Attrib [windows]
- Atomic Test #8: Create ADS command prompt [windows]
- Atomic Test #9: Create ADS PowerShell [windows]
- T1143 Hidden Window [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1183 Image File Execution Options Injection](./T1183/T1183.md)
- Atomic Test #1: IFEO Add Debugger [windows]
@@ -274,10 +274,10 @@
- [T1044 File System Permissions Weakness](./T1044/T1044.md)
- Atomic Test #1: File System Permissions Weakness [windows]
- [T1158 Hidden Files and Directories](./T1158/T1158.md)
- Atomic Test #4: Create Windows System File with Attrib [windows]
- Atomic Test #5: Create Windows Hidden File with Attrib [windows]
- Atomic Test #11: Create ADS command prompt [windows]
- Atomic Test #12: Create ADS PowerShell [windows]
- Atomic Test #3: Create Windows System File with Attrib [windows]
- Atomic Test #4: Create Windows Hidden File with Attrib [windows]
- Atomic Test #8: Create ADS command prompt [windows]
- Atomic Test #9: Create ADS PowerShell [windows]
- [T1179 Hooking](./T1179/T1179.md)
- Atomic Test #1: Hook PowerShell TLS Encrypt/Decrypt Messages [windows]
- [T1062 Hypervisor](./T1062/T1062.md)