Generate docs from job=validate_atomics_generate_docs branch=master

2019-08-27 15:35:27 +00:00
parent 5f846ced08
commit 5898dab7e4
4 changed files with 28 additions and 0 deletions
@@ -22,6 +22,8 @@

 - [Atomic Test #9 - Disable Windows IIS HTTP Logging](#atomic-test-9---disable-windows-iis-http-logging)

+- [Atomic Test #10 - Uninstall Sysmon](#atomic-test-10---uninstall-sysmon)
+

 <br/>

@@ -174,3 +176,16 @@ This action requires HTTP logging configurations in IIS to be unlocked.
 C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}" /section:httplogging /dontLog:true
 ```
 <br/>
+<br/>
+
+## Atomic Test #10 - Uninstall Sysmon
+Uninstall Sysinternals Sysmon for Defense Evasion
+
+**Supported Platforms:** Windows
+
+
+#### Run it with `command_prompt`!
+```
+sysmon -u
+```
+<br/>
@@ -191,6 +191,7 @@
  - Atomic Test #7: Disable OpenDNS Umbrella [macos]
  - Atomic Test #8: Unload Sysmon Filter Driver [windows]
  - Atomic Test #9: Disable Windows IIS HTTP Logging [windows]
+  - Atomic Test #10: Uninstall Sysmon [windows]
 - T1480 Execution Guardrails [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1211 Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1181 Extra Window Memory Injection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
@@ -5642,6 +5642,17 @@ defense-evasion:
        command: 'C:\Windows\System32\inetsrv\appcmd.exe set config "#{website_name}"
          /section:httplogging /dontLog:true

+'
+    - name: Uninstall Sysmon
+      description: 'Uninstall Sysinternals Sysmon for Defense Evasion
+
+'
+      supported_platforms:
+      - windows
+      executor:
+        name: command_prompt
+        command: 'sysmon -u
+
 '
  T1107:
    technique:
@@ -34,6 +34,7 @@
 - [T1089 Disabling Security Tools](./T1089/T1089.md)
  - Atomic Test #8: Unload Sysmon Filter Driver [windows]
  - Atomic Test #9: Disable Windows IIS HTTP Logging [windows]
+  - Atomic Test #10: Uninstall Sysmon [windows]
 - T1480 Execution Guardrails [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1211 Exploitation for Defense Evasion [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - T1181 Extra Window Memory Injection [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)