adding T1021.005

adding T1021.005
Hare Sudhan
2023-08-31 12:03:59 -04:00
parent b4841b32e5
commit 65fe70a420
+18
@@ -0,0 +1,18 @@
attack_technique: T1021.005
display_name: 'Remote Services:VNC'
atomic_tests:
- name: Enable Apple Remote Desktop Agent
description: |
ARD leverages a blend of protocols, including VNC to send the screen and control buffers and SSH for secure file transfer.
Adversaries can abuse ARD to gain remote code execution and perform lateral movement.
References: https://www.mandiant.com/resources/blog/leveraging-apple-remote-desktop-for-good-and-evil
supported_platforms:
- macos
executor:
name: sh
command: |
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -quiet
cleanup_command: |
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop -configure -privs -none -quiet
elevation_required: true
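Review bot: The `cleanup_command` does not restore the host's earlier Remote Management state; it unconditionally runs `-deactivate -stop -configure -privs -none`, so on a machine where ARD was already configured the cleanup removes that configuration. If cleanup is skipped, the host stays at `-allowAccessFor -allUsers -privs -all`, which grants every local account full remote control. I would state this in the `description`, for example `Run on a disposable test host only; cleanup turns Remote Management off and clears privileges rather than restoring the previous settings.` The description could also name the observable a defender should expect from the test, which from the command itself is the `kickstart` binary invoked under `sudo` with `-activate`. As a style point, `display_name: 'Remote Services:VNC'` lacks the space after the colon that the ATT&CK technique name `Remote Services: VNC` has.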