security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2019-10-08 18:02:00 +00:00
parent e1f2936764
commit 641a1d027d
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1038/T1038.md
+1 -1
View File
@@ -29,7 +29,7 @@ https://enigma0x3.net/2017/07/19/bypassing-amsi-via-com-server-hijacking/
```
copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
cmd.exe /c %APPDATA%\updater.exe
cmd.exe /k %APPDATA%\updater.exe
```
atomics/index.yaml
+6 -6
View File
@@ -1385,10 +1385,10 @@ persistence:
executor:
name: command_prompt
elevation_required: false
command: |-
command: |
copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
cmd.exe /c %APPDATA%\updater.exe
cmd.exe /k %APPDATA%\updater.exe
T1158:
technique:
external_references:
@@ -5823,10 +5823,10 @@ defense-evasion:
executor:
name: command_prompt
elevation_required: false
command: |-
command: |
copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
cmd.exe /c %APPDATA%\updater.exe
cmd.exe /k %APPDATA%\updater.exe
T1140:
technique:
external_references:
@@ -11329,10 +11329,10 @@ privilege-escalation:
executor:
name: command_prompt
elevation_required: false
command: |-
command: |
copy %windir%\System32\windowspowershell\v1.0\powershell.exe %APPDATA%\updater.exe
copy %windir%\System32\amsi.dll %APPDATA%\amsi.dll
cmd.exe /c %APPDATA%\updater.exe
cmd.exe /k %APPDATA%\updater.exe
T1179:
technique:
external_references: