security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated O365-Disable-AntiPhishRule test (#1611)

Browse Source 
* updated O365-Disable-AntiPhishRule test

* updated as per review comments

Co-authored-by: Araveti Esanya Reddy <esanya.araveti@kudelskisecurity.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
Araveti Esanya Reddy
2021-08-31 00:45:58 +05:30
committed by GitHub
parent 9965165d19
commit 5bda040ce8
1 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1562.001/T1562.001.yaml
+42
View File
@@ -484,3 +484,45 @@ atomic_tests:
Remove-MpPreference -ExclusionProcess $excludedProcess
name: powershell
elevation_required: true
- name: office-365-Disable-AntiPhishRule
description: |
Using the Disable-AntiPhishRule cmdlet to disable antiphish rules in your office-365 organization.
supported_platforms:
- office-365
input_arguments:
username:
description: office-365 username
type: String
default:
password:
description: office-365 password
type: String
default:
dependency_executor_name: powershell
dependencies:
- description: |
ExchangeOnlineManagement PowerShell module must be installed
prereq_command: |
$RequiredModule = Get-Module -Name ExchangeOnlineManagement -ListAvailable
if (-not $RequiredModule) {exit 1}
if (-not $RequiredModule.ExportedCommands['Connect-ExchangeOnline']) {exit 1} else {exit 0}
get_prereq_command: |
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
executor:
command: |
$secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
Connect-ExchangeOnline -Credential $creds
$test = Get-AntiPhishRule
Disable-AntiPhishRule -Identity $test.Name -Confirm:$false
Get-AntiPhishRule
cleanup_command: |
$secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
Connect-ExchangeOnline -Credential $creds
$test = Get-AntiPhishRule
Enable-AntiPhishRule -Identity $test.Name -Confirm:$false
Get-AntiPhishRule
name: powershell
elevation_required: false