security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1112.yaml (#2774)

Browse Source 
* Update T1112.yaml

Add new test Disable Windows Prefetch Through Registry

* fix spacing

---------

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
abhijose09
2024-05-11 00:06:54 +05:30
committed by GitHub
parent 56b0e29923
commit 5f866ca451
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1112/T1112.yaml
+12
View File
@@ -1087,3 +1087,15 @@ atomic_tests:
cleanup_command: 'if #{remove_rdp_access_during_cleanup} EQU 1 (reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /f >nul 2>&1)'
name: command_prompt
elevation_required: true
- name: Disable Windows Prefetch Through Registry
description: |
Modify the registry of the machine to disable prefetch. Disabling prefetch will remove one artifact for evidence of application execution. Restart is required post modification
supported_platforms:
- windows
executor:
command: |
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d 0 /f
cleanup_command: |
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d 3 /f
name: command_prompt
elevation_required: true