T1077 Added PowerShell map drive technique

atomics/T1077/T1077.yaml

@@ -3,7 +3,7 @@ attack_technique: T1077
 display_name: Windows Admin Shares
 
 atomic_tests:
-- name: TODO
+- name: Map admin share
   description: |
     Connecting To Remote Shares
 
@@ -31,3 +31,26 @@ atomic_tests:
     name: command_prompt
     command: |
       cmd.exe /c "net use \\#{computer_name}\#{share_name} #{password} /u:#{user_name}"
+
+- name: Map Admin Share PowerShell
+  description: |
+    Map Admin share utilizing PowerShell
+  supported_platforms:
+    - windows
+  input_arguments:
+    share_name:
+      description: Examples C$, IPC$, Admin$
+      type: String
+      default: C$
+    computer_name:
+      description: Target Computer Name
+      type: String
+      default: Target
+    map_name:
+      description: Mapped Drive Letter
+      type: String
+      default: g
+  executor:
+    name: powershell
+    command: |
+      New-PSDrive -name #{map_name} -psprovider filesystem -root \\#{computer_name}\#{share_name}