security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added new atomic test: Update T1490.yaml (#2733)

Browse Source 
* Added new atomic test: Update T1490.yaml

* Added cleanup_command
This commit is contained in:
pratinavchandra
2024-04-02 22:10:02 -04:00
committed by GitHub
parent b044c4921f
commit 5ae956b990
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1490/T1490.yaml
+10 -1
View File
@@ -173,4 +173,13 @@ atomic_tests:
sc sdset VSS D:(D;;GA;;;NU)(D;;GA;;;WD)(D;;GA;;;AN)S:(AU;FA;GA;;;WD)(AU;OIIOFA;GA;;;WD)
cleanup_command: |
sc sdset VSS D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;LC;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
- name: Disable Time Machine
description: |
Disables Time Machine which is Apple's automated backup utility software. Attackers can use this to prevent backups from occurring and hinder the victim's ability to recover from any damage.
supported_platforms:
- macos
executor:
command: sudo tmutil disable
cleanup_command: sudo tmutil enable
name: sh
elevation_required: true